thr3ads.net - Shorewall users - [Shorewall-users] Re: Exchange Server in DMZ (i-hacked.com) [Feb 2003]

If this information is useful, please help other people find it:
Share via:
Francesca C. Smith
2003-Feb-26 10:54 UTC
[Shorewall-users] Re: Exchange Server in DMZ (i-hacked.com)

Hiya,

My two cents here .. I use a locked down Linux Sendmail relay (use sendmail
null-client feature on any spare old server or PC) in my DMZ to relay Mail
to the exchange server in my local zone. Its sort of the moat you have to
cross over to get at the castle walls and the hot oil dumped on your head
approach.

Francesca C. Smith
Lady Linux Internet Services
1801 Bolton Street # 1
Baltimore, Md 21217

-----Original Message-----
From: shorewall-users-bounces@lists.shorewall.net
[mailto:shorewall-users-bounces@lists.shorewall.net]On Behalf Of
shorewall-users-request@lists.shorewall.net
Sent: Wednesday, February 26, 2003 12:32 PM
To: shorewall-users@lists.shorewall.net
Subject: Shorewall-users Digest, Vol 3, Issue 72


Send Shorewall-users mailing list submissions to
	shorewall-users@lists.shorewall.net

To subscribe or unsubscribe via the World Wide Web, visit
	http://lists.shorewall.net/mailman/listinfo/shorewall-users
or, via email, send a message with subject or body ''help'' to
	shorewall-users-request@lists.shorewall.net

You can reach the person managing the list at
	shorewall-users-owner@lists.shorewall.net

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Shorewall-users digest..."


Today''s Topics:

   1. Re: Exchange Server in DMZ (i-hacked.com)
   2. Port Forwarding (Ted Gervais)
   3. Re: Port Forwarding (Tom Eastep)
   4. Re: Exchange Server in DMZ (Tom Eastep)
   5. RE: VPN Passthrough Assistance Needed (Martinez, Mike (MHS-ACS))
   6. Re: Port Forwarding (Ted Gervais)
   7. Re: Port Forwarding (Tom Eastep)
   8. Re: Port Forwarding (Ted Gervais)
   9. Shorewall issue with ProxyARP (sivamurugu)


----------------------------------------------------------------------

Message: 1
Date: Wed, 26 Feb 2003 06:37:44 -0600
From: "i-hacked.com" <hevnsnt@i-hacked.com>
Subject: Re: [Shorewall-users] Exchange Server in DMZ
To: <shorewall-users@lists.shorewall.net>
Message-ID: <005501c2dd93$dcbadd00$0d00a8c0@dual2k>
Content-Type: text/plain;	charset="iso-8859-1"

Let me tell you, I know how bad an Exchange server gets when it is
accessable from the Inet.. We have been working 20hr days for a week
straight to clean up that mess.. I would suggest you re-think that approach.

-Bill

----- Original Message -----
From: "Cowles, Steve" <Steve@SteveCowles.com>
To: <shorewall-users@lists.shorewall.net>
Sent: Wednesday, February 26, 2003 6:28 AM
Subject: RE: [Shorewall-users] Exchange Server in DMZ

> > -----Original Message-----
> > From: Randy Millis
> > Sent: Tuesday, February 25, 2003 9:15 PM
> > Subject: [Shorewall-users] Exchange Server in DMZ
> >
> >
> > I would like to place an exchange 5.5 server in my DMZ.
>
> So your wanting to live life dangerously by placing an exchange server in
a> publicly accessible zone. I don''t know why, but the term sleep
depravation
> comes to mind here. :-)
>
> >
> > Can anyone tell me how I can set this up to allow LAN clients
> > to be able to connect to Exchange and also so I can admin the
> > box from the LAN with Terminal Services?
>
> Microsoft has written many articles about this subject. Try searching
> microsoft.com for "exchange+firewall". The required registry
changes (rpc
> stuff) and ports required are listed in most of these articles.
>
> FWIW: I run exchange 5.5 here (in my loc zone) but front-end this exchange
> server with a linux server running sendmail/spamassassin in my DMZ. I
simply> configured sendmail to relay all inbound e-mail for my domains to the
> exchange server. A simple one-line mailertable entry per domain was all
that> was required. My shorewall rules for this design are also quite simple:
>
> # Allow inbound e-mail from internet to sendmail server.
> DNAT     net     dmz:192.168.8.2   tcp     smtp
>
> # Allow inbound e-mail to be relayed to exchange
> # server (192.168.9.2) after being processed by SA
> ACCEPT   dmz     loc:192.168.9.2   tcp     smtp
>
> # Allow sendmail to send DSN''s
> ACCEPT   dmz     net               tcp     smtp
>
> # Allow exchange to send DSN''s. Policy loc->net set to accept
> REJECT:info     loc:!192.168.9.2   net   tcp     25
>
> On a side note... in the last month my dmz server has been subjected to
> three DoS type attacks against the smtp port. One time I actually had to
> bounce sendmail to start the flow of e-mail again. Grrr! My point being --
> given Microsoft''s'' poor history regarding DoS type
attacks, there is no
> telling what would have happened had these attacks been launched against
> Exchange''s MTA (IMC).
>
> Steve Cowles
> _______________________________________________
> Shorewall-users mailing list
> Post: Shorewall-users@lists.shorewall.net
> Subscribe/Unsubscribe:
http://lists.shorewall.net/mailman/listinfo/shorewall-users> Support: http://www.shorewall.net/support.htm
> FAQ: http://www.shorewall.net/FAQ.htm
>

------------------------------

Message: 2
Date: Wed, 26 Feb 2003 08:44:59 -0400 (AST)
From: Ted Gervais <ve1drg@av.eastlink.ca>
Subject: [Shorewall-users] Port Forwarding
To: Shorewall List <shorewall-users@lists.shorewall.net>
Message-ID:
	<Pine.LNX.4.44.0302260843500.1557-100000@linux.ve1drg.ampr.org>
Content-Type: TEXT/PLAIN; charset=US-ASCII


Is ''port forwarding'' a relatively new thing with packet
filtering?  Or has
it always been available since  iptables appeared on the scene.

---
Ted Gervais
Coldbrook Nova Scotia
Canada B4R1A7



------------------------------

Message: 3
Date: Wed, 26 Feb 2003 06:48:36 -0800
From: Tom Eastep <teastep@shorewall.net>
Subject: Re: [Shorewall-users] Port Forwarding
To: Ted Gervais <ve1drg@av.eastlink.ca>,	Shorewall List
	<shorewall-users@lists.shorewall.net>
Message-ID: <159010000.1046270916@wookie.shorewall.net>
Content-Type: text/plain; charset=us-ascii; format=flowed



--On Wednesday, February 26, 2003 08:44:59 AM -0400 Ted Gervais
<ve1drg@av.eastlink.ca> wrote:
>
> Is ''port forwarding'' a relatively new thing with packet
filtering?  Or has
> it always been available since  iptables appeared on the scene.
Port forwarding has been around as long as I''ve been fooling with
firewalls
(~ 5 years).

-Tom
--
Tom Eastep   \ Shorewall - iptables made easy
Shoreline,    \ http://www.shorewall.net
Washington USA \ teastep@shorewall.net


------------------------------

Message: 4
Date: Wed, 26 Feb 2003 06:57:19 -0800
From: Tom Eastep <teastep@shorewall.net>
Subject: Re: [Shorewall-users] Exchange Server in DMZ
To: shorewall-users@lists.shorewall.net
Message-ID: <161850000.1046271439@wookie.shorewall.net>
Content-Type: text/plain; charset=us-ascii; format=flowed



--On Wednesday, February 26, 2003 06:37:44 AM -0600 "i-hacked.com"
<hevnsnt@i-hacked.com> wrote:
> Let me tell you, I know how bad an Exchange server gets when it is
> accessable from the Inet.. We have been working 20hr days for a week
> straight to clean up that mess.. I would suggest you re-think that
> approach.
>
Didn''t Randy say that he simply wanted LAN users to be able to access
the
Exchange server and that he wanted to be able to administer the server from
the LAN? I don''t believe that he mentioned opening it up for net
access.

-Tom
--
Tom Eastep   \ Shorewall - iptables made easy
Shoreline,    \ http://www.shorewall.net
Washington USA \ teastep@shorewall.net


------------------------------

Message: 5
Date: Wed, 26 Feb 2003 09:02:19 -0600
From: "Martinez, Mike (MHS-ACS)"
<Mike.Martinez@mhs-helpdesk.com>
Subject: RE: [Shorewall-users] VPN Passthrough Assistance Needed
To: "''shorewall-users@lists.shorewall.net''"
	<shorewall-users@lists.shorewall.net>
Message-ID:
	<1DA97C0A3BB5D511BC9A00A0C998561344AEE3@mhs025.mhs-helpdesk.com>
Content-Type: text/plain;	charset="iso-8859-1"

Bill,

We have a Nortel 1500 VPN box sitting in our lan zone. We are able to
connect to this nortel box from within our lan and also from any wan
connections without any problems and our users are able to connect and
tunnel out without any problems.

They way we have our shorewall setup to work with this vpn is that we are
using proxyarp instead of nat for the ip''s that are assigned against
the
nortel box. Also in our policy file we allow our user in the lan zone full
access to everything:

Our Policy File

############################################################################
###
#SOURCE	DEST		POLICY		LOG LEVEL	LIMIT:BURST
loc2        loc         ACCEPT
loc		all		ACCEPT


and in our rules file we have this setup:

############################################################################
##
#RESULT		CLIENT(S) SERVER(S)	PROTO	PORT(S)	CLIENT PORT(S)
ADDRESS
#
ACCEPT      net             loc                esp
ACCEPT      net             loc                udp   500,5000

As a side note we also have some user connecting to an AT&T VPN without any
problems.

Quick suggestion\comments...Tom probably already recommend this....

I would blow away (erase) the Mandrake shorewall configuration and download
the latestshorewall rpm and install it.
Mandrake setups shorewall a little different and does not setup it up they
way Tom recommends shorewall to be setup and they also add some other
security stuff that might prevent you from getting your vpn connectivity
setup properly.

Also Nortel documentation recommends that the Nortel box be setup along side
whatever firewall you are using. I tried this and could never get my
shorewall firewall and the Nortel box to play well and had similar problems
to what you are experiencing. Do you have the Nortel box on the same
switch\hub that you shorewall box is on? If so this may be your problem.

We moved our Nortel box to a internal switch and as soon as we did this it
worked.

Anyway''s hopefully some of this helps.

Mike


-----Original Message-----
From: hevnsnt@i-hacked.com [mailto:hevnsnt@i-hacked.com]
Sent: Tuesday, February 25, 2003 8:48 PM
To: Shorewall List
Subject: Re: [Shorewall-users] VPN Passthrough Assistance Needed


I very thankful for your assistance... However I have now just had chance to

take a look at this problem, as others have arisen and been taken care of.

A little background to refresh your memories:  I have a small group of
computers that are behind a Mandrake SNF firewall. (before you say it, I
understand this is not a SNF list) All the clients (25-30) use Nortel''s
Extranet client from the LAN side to the Wan side.  The problem I am having,
is
that only 1 machine at a time can establish a VPN connection.

Solution:  I purchased a Sonicwall (got it SUPER CHEAP, email me if you are
interested) and got to play around to find the solution.  We experienced the

same problem with a 1:many nat setup with it, as soon as I moved it to 1:1
all
machines could connect.

Now my question:: (Please excuse the ignorance) How do I configure my
Shorewall
to run 1:1?  By interpreting Tom''s response below, I need to edit my
NAT
file.
I have opened up /etc/Shorewall/nat, and it tells me not to edit it,
therefore
I am very leary... Could someone hold my hand?  I need to mask
192.168.0.2/65.x.x.2|40.  1st, is /etc/Shorewall/nat the file I want to
edit?
2nd, how do I do it.  I am sorry, I am learning.. I respect and appreciate
your
knowledge, and I am working on learning.. =)

Thanks
-Bill

Quoting Tom Eastep <teastep@shorewall.net>:
> hevnsnt@i-hacked.com wrote:
> > Ahh.. I understand.. however, I know it is not a matter of norfc1918
> (how about
> > I assume it is not a matter of) because I can bring one client on a
> VPN
> > connection works fine..  It seems as though it is a problem with ipsec
> not
> > knowing about nat.. or something..
> >
>
> I suspect that it is rather a case of your Shorewall box not knowing
> enough about ipsec to be able to track multiple connections to one IP
> address effectively.
>
> What I would do is to also establish 1-1 NAT on your Shorewall Router in
>
> place of the current masq/snat. Even though there will still be
"double
>
> NAT", it should work fine because then connection tracking of the
IPSEC
>
> connections will work.
>
> e.g.,
>
> 192.168.1.11->192.168.0.11
> 192.168.1.12->192.168.0.12
> ...
>
> If you set up your NAT file and set ADD_IP_ALIASES=Yes in
> shorewall.conf, Shorewall will add all of the IP addresses for you.
>
> You could also set up proxy arp but that would be a little trickier...
>
> -Tom
> --
> Tom Eastep    \ Shorewall - iptables made easy
> Shoreline,     \ http://www.shorewall.net
> Washington USA  \ teastep@shorewall.net
>
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.shorewall.net
> http://lists.shorewall.net/mailman/listinfo/shorewall-users
>_______________________________________________
Shorewall-users mailing list
Post: Shorewall-users@lists.shorewall.net
Subscribe/Unsubscribe:
http://lists.shorewall.net/mailman/listinfo/shorewall-users
Support: http://www.shorewall.net/support.htm
FAQ: http://www.shorewall.net/FAQ.htm

------------------------------

Message: 6
Date: Wed, 26 Feb 2003 11:31:03 -0400 (AST)
From: Ted Gervais <ve1drg@av.eastlink.ca>
Subject: Re: [Shorewall-users] Port Forwarding
To: Tom Eastep <teastep@shorewall.net>
Cc: Shorewall List <shorewall-users@lists.shorewall.net>
Message-ID:
	<Pine.LNX.4.44.0302261128030.1702-100000@linux.ve1drg.ampr.org>
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Wed, 26 Feb 2003, Tom Eastep wrote:
>
>
> --On Wednesday, February 26, 2003 08:44:59 AM -0400 Ted Gervais
> <ve1drg@av.eastlink.ca> wrote:
>
> >
> > Is ''port forwarding'' a relatively new thing with
packet filtering?  Or
has> > it always been available since  iptables appeared on the scene.
>
> Port forwarding has been around as long as I''ve been fooling with
firewalls> (~ 5 years).
Good to hear.  Which makes me wonder about some of the things I hear.

By the way - did you happen to read my message from last night. I hope I
wasn''t out of line in asking you to look at a few files???? The message
was about shorewall setup.  Everything works fine now which is why I am
asking the quesion(s).  I also opened a few extra ports (tty) stuff. Maybe
that wouldn''t me good too.  It is all in the status file(s)..
>
> -Tom
> --
> Tom Eastep   \ Shorewall - iptables made easy
> Shoreline,    \ http://www.shorewall.net
> Washington USA \ teastep@shorewall.net
>
>
---
Ted Gervais
Coldbrook Nova Scotia
Canada B4R1A7



------------------------------

Message: 7
Date: Wed, 26 Feb 2003 07:48:28 -0800
From: Tom Eastep <teastep@shorewall.net>
Subject: Re: [Shorewall-users] Port Forwarding
To: Shorewall List <shorewall-users@lists.shorewall.net>
Message-ID: <178840000.1046274508@wookie.shorewall.net>
Content-Type: text/plain; charset=us-ascii; format=flowed



--On Wednesday, February 26, 2003 11:31:03 AM -0400 Ted Gervais
<ve1drg@av.eastlink.ca> wrote:
> On Wed, 26 Feb 2003, Tom Eastep wrote:
>
> By the way - did you happen to read my message from last night. I hope I
> wasn''t out of line in asking you to look at a few files???? The
message
> was about shorewall setup.  Everything works fine now which is why I am
> asking the quesion(s).  I also opened a few extra ports (tty) stuff. Maybe
> that wouldn''t me good too.  It is all in the status file(s)..
>
Ted, I''m not willing to put myself in a position where I''m
"blessing"
people''s firewall configurations. Besides that, gazing at
"shorewall
status" output is ok when there''s a problem to solve but it is
sleep-inducing otherwise...

-Tom
--
Tom Eastep   \ Shorewall - iptables made easy
Shoreline,    \ http://www.shorewall.net
Washington USA \ teastep@shorewall.net


------------------------------

Message: 8
Date: Wed, 26 Feb 2003 11:58:56 -0400 (AST)
From: Ted Gervais <ve1drg@av.eastlink.ca>
Subject: Re: [Shorewall-users] Port Forwarding
To: Tom Eastep <teastep@shorewall.net>
Cc: Shorewall List <shorewall-users@lists.shorewall.net>
Message-ID:
	<Pine.LNX.4.44.0302261158360.1791-100000@linux.ve1drg.ampr.org>
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Wed, 26 Feb 2003, Tom Eastep wrote:
>
>
> --On Wednesday, February 26, 2003 11:31:03 AM -0400 Ted Gervais
> <ve1drg@av.eastlink.ca> wrote:
>
> > On Wed, 26 Feb 2003, Tom Eastep wrote:
> >
> > By the way - did you happen to read my message from last night. I hope
I
> > wasn''t out of line in asking you to look at a few files????
The message
> > was about shorewall setup.  Everything works fine now which is why I
am
> > asking the quesion(s).  I also opened a few extra ports (tty) stuff.
Maybe> > that wouldn''t me good too.  It is all in the status file(s)..
> >
>
> Ted, I''m not willing to put myself in a position where
I''m "blessing"
> people''s firewall configurations. Besides that, gazing at
"shorewall
> status" output is ok when there''s a problem to solve but it
is
> sleep-inducing otherwise...


OK Tom.  Thanks for your time.


>
> -Tom
> --
> Tom Eastep   \ Shorewall - iptables made easy
> Shoreline,    \ http://www.shorewall.net
> Washington USA \ teastep@shorewall.net
>
> _______________________________________________
> Shorewall-users mailing list
> Post: Shorewall-users@lists.shorewall.net
> Subscribe/Unsubscribe:
http://lists.shorewall.net/mailman/listinfo/shorewall-users> Support: http://www.shorewall.net/support.htm
> FAQ: http://www.shorewall.net/FAQ.htm
>
---
Ted Gervais
Coldbrook Nova Scotia
Canada B4R1A7



------------------------------

Message: 9
Date: Wed, 26 Feb 2003 23:05:49 +0530
From: sivamurugu <sivamurugu@indscape.com>
Subject: [Shorewall-users] Shorewall issue with ProxyARP
To: shorewall-users@lists.shorewall.net
Message-ID: <3E5CFAF5.8070401@indscape.com>
Content-Type: text/plain; charset="us-ascii"

Hi ,

      I am back to testing tonight. I want to complete this at any cost.
Further to your reply , i have run the tcpdump on the firewall system
while pinging from the dmz system. As you told there is a problem. Now
what I need to do. I attach herewith the tcpdump output.

Please reply.


Regards

Siva
-------------- next part --------------
23:00:13.367010 0:c0:4f:4d:fd:a4 0:3:40:90:2:9c ip 74: 203.124.152.67 >
203.124.152.65: icmp: echo request
23:00:13.401100 0:3:40:90:2:9c 0:5:5d:4a:3b:7c ip 74: 203.124.152.65 >
203.124.152.67: icmp: echo reply
23:00:14.867321 0:c0:4f:4d:fd:a4 0:3:40:90:2:9c ip 74: 203.124.152.67 >
203.124.152.65: icmp: echo request
23:00:14.901293 0:3:40:90:2:9c 0:5:5d:4a:3b:7c ip 74: 203.124.152.65 >
203.124.152.67: icmp: echo reply
23:00:16.367685 0:c0:4f:4d:fd:a4 0:3:40:90:2:9c ip 74: 203.124.152.67 >
203.124.152.65: icmp: echo request
23:00:16.401754 0:3:40:90:2:9c 0:5:5d:4a:3b:7c ip 74: 203.124.152.65 >
203.124.152.67: icmp: echo reply
23:00:17.868216 0:c0:4f:4d:fd:a4 0:3:40:90:2:9c ip 74: 203.124.152.67 >
203.124.152.65: icmp: echo request
23:00:17.902044 0:3:40:90:2:9c 0:5:5d:4a:3b:7c ip 74: 203.124.152.65 >
203.124.152.67: icmp: echo reply
23:00:19.368442 0:c0:4f:4d:fd:a4 0:3:40:90:2:9c ip 74: 203.124.152.67 >
203.124.152.65: icmp: echo request
23:00:19.407560 0:3:40:90:2:9c 0:5:5d:4a:3b:7c ip 74: 203.124.152.65 >
203.124.152.67: icmp: echo reply
23:00:20.868734 0:c0:4f:4d:fd:a4 0:3:40:90:2:9c ip 74: 203.124.152.67 >
203.124.152.65: icmp: echo request
23:00:20.907852 0:3:40:90:2:9c 0:5:5d:4a:3b:7c ip 74: 203.124.152.65 >
203.124.152.67: icmp: echo reply
23:00:22.369156 0:c0:4f:4d:fd:a4 0:3:40:90:2:9c ip 74: 203.124.152.67 >
203.124.152.65: icmp: echo request
23:00:22.403274 0:3:40:90:2:9c 0:5:5d:4a:3b:7c ip 74: 203.124.152.65 >
203.124.152.67: icmp: echo reply
23:00:23.869484 0:c0:4f:4d:fd:a4 0:3:40:90:2:9c ip 74: 203.124.152.67 >
203.124.152.65: icmp: echo request
23:00:23.903635 0:3:40:90:2:9c 0:5:5d:4a:3b:7c ip 74: 203.124.152.65 >
203.124.152.67: icmp: echo reply
23:00:25.369840 0:c0:4f:4d:fd:a4 0:3:40:90:2:9c ip 74: 203.124.152.67 >
203.124.152.65: icmp: echo request
23:00:25.414023 0:3:40:90:2:9c 0:5:5d:4a:3b:7c ip 74: 203.124.152.65 >
203.124.152.67: icmp: echo reply
23:00:26.870164 0:c0:4f:4d:fd:a4 0:3:40:90:2:9c ip 74: 203.124.152.67 >
203.124.152.65: icmp: echo request
23:00:26.904400 0:3:40:90:2:9c 0:5:5d:4a:3b:7c ip 74: 203.124.152.65 >
203.124.152.67: icmp: echo reply
23:00:28.370170 0:c0:4f:4d:fd:a4 0:3:40:90:2:9c ip 74: 203.124.152.67 >
203.124.152.65: icmp: echo request
23:00:28.404837 0:3:40:90:2:9c 0:5:5d:4a:3b:7c ip 74: 203.124.152.65 >
203.124.152.67: icmp: echo reply
23:00:29.870517 0:c0:4f:4d:fd:a4 0:3:40:90:2:9c ip 74: 203.124.152.67 >
203.124.152.65: icmp: echo request
23:00:29.905208 0:3:40:90:2:9c 0:5:5d:4a:3b:7c ip 74: 203.124.152.65 >
203.124.152.67: icmp: echo reply
23:00:31.370853 0:c0:4f:4d:fd:a4 0:3:40:90:2:9c ip 74: 203.124.152.67 >
203.124.152.65: icmp: echo request
23:00:31.405655 0:3:40:90:2:9c 0:5:5d:4a:3b:7c ip 74: 203.124.152.65 >
203.124.152.67: icmp: echo reply
23:00:32.871712 0:c0:4f:4d:fd:a4 0:3:40:90:2:9c ip 74: 203.124.152.67 >
203.124.152.65: icmp: echo request
23:00:32.905968 0:3:40:90:2:9c 0:5:5d:4a:3b:7c ip 74: 203.124.152.65 >
203.124.152.67: icmp: echo reply
23:00:34.372024 0:c0:4f:4d:fd:a4 0:3:40:90:2:9c ip 74: 203.124.152.67 >
203.124.152.65: icmp: echo request
23:00:34.406392 0:3:40:90:2:9c 0:5:5d:4a:3b:7c ip 74: 203.124.152.65 >
203.124.152.67: icmp: echo reply
23:00:35.872986 0:c0:4f:4d:fd:a4 0:3:40:90:2:9c ip 74: 203.124.152.67 >
203.124.152.65: icmp: echo request
23:00:35.906806 0:3:40:90:2:9c 0:5:5d:4a:3b:7c ip 74: 203.124.152.65 >
203.124.152.67: icmp: echo reply
23:00:37.372711 0:c0:4f:4d:fd:a4 0:3:40:90:2:9c ip 74: 203.124.152.67 >
203.124.152.65: icmp: echo request
23:00:37.407152 0:3:40:90:2:9c 0:5:5d:4a:3b:7c ip 74: 203.124.152.65 >
203.124.152.67: icmp: echo reply
23:00:38.872942 0:c0:4f:4d:fd:a4 0:3:40:90:2:9c ip 74: 203.124.152.67 >
203.124.152.65: icmp: echo request
23:00:38.907577 0:3:40:90:2:9c 0:5:5d:4a:3b:7c ip 74: 203.124.152.65 >
203.124.152.67: icmp: echo reply
23:00:40.373481 0:c0:4f:4d:fd:a4 0:3:40:90:2:9c ip 74: 203.124.152.67 >
203.124.152.65: icmp: echo request
23:00:40.407965 0:3:40:90:2:9c 0:5:5d:4a:3b:7c ip 74: 203.124.152.65 >
203.124.152.67: icmp: echo reply
23:00:41.873679 0:c0:4f:4d:fd:a4 0:3:40:90:2:9c ip 74: 203.124.152.67 >
203.124.152.65: icmp: echo request
23:00:41.908340 0:3:40:90:2:9c 0:5:5d:4a:3b:7c ip 74: 203.124.152.65 >
203.124.152.67: icmp: echo reply
23:00:43.374073 0:c0:4f:4d:fd:a4 0:3:40:90:2:9c ip 74: 203.124.152.67 >
203.124.152.65: icmp: echo request
23:00:43.418870 0:3:40:90:2:9c 0:5:5d:4a:3b:7c ip 74: 203.124.152.65 >
203.124.152.67: icmp: echo reply
23:00:44.874406 0:c0:4f:4d:fd:a4 0:3:40:90:2:9c ip 74: 203.124.152.67 >
203.124.152.65: icmp: echo request
23:00:44.909446 0:3:40:90:2:9c 0:5:5d:4a:3b:7c ip 74: 203.124.152.65 >
203.124.152.67: icmp: echo reply
23:00:46.374762 0:c0:4f:4d:fd:a4 0:3:40:90:2:9c ip 74: 203.124.152.67 >
203.124.152.65: icmp: echo request
23:00:46.409514 0:3:40:90:2:9c 0:5:5d:4a:3b:7c ip 74: 203.124.152.65 >
203.124.152.67: icmp: echo reply
23:00:47.875086 0:c0:4f:4d:fd:a4 0:3:40:90:2:9c ip 74: 203.124.152.67 >
203.124.152.65: icmp: echo request
23:00:47.909926 0:3:40:90:2:9c 0:5:5d:4a:3b:7c ip 74: 203.124.152.65 >
203.124.152.67: icmp: echo reply
23:00:49.375458 0:c0:4f:4d:fd:a4 0:3:40:90:2:9c ip 74: 203.124.152.67 >
203.124.152.65: icmp: echo request
23:00:49.410338 0:3:40:90:2:9c 0:5:5d:4a:3b:7c ip 74: 203.124.152.65 >
203.124.152.67: icmp: echo reply
23:00:50.875800 0:c0:4f:4d:fd:a4 0:3:40:90:2:9c ip 74: 203.124.152.67 >
203.124.152.65: icmp: echo request
23:00:50.910692 0:3:40:90:2:9c 0:5:5d:4a:3b:7c ip 74: 203.124.152.65 >
203.124.152.67: icmp: echo reply
23:00:52.376120 0:c0:4f:4d:fd:a4 0:3:40:90:2:9c ip 74: 203.124.152.67 >
203.124.152.65: icmp: echo request
23:00:52.411107 0:3:40:90:2:9c 0:5:5d:4a:3b:7c ip 74: 203.124.152.65 >
203.124.152.67: icmp: echo reply
23:00:53.876520 0:c0:4f:4d:fd:a4 0:3:40:90:2:9c ip 74: 203.124.152.67 >
203.124.152.65: icmp: echo request
23:00:53.911505 0:3:40:90:2:9c 0:5:5d:4a:3b:7c ip 74: 203.124.152.65 >
203.124.152.67: icmp: echo reply
23:00:55.376856 0:c0:4f:4d:fd:a4 0:3:40:90:2:9c ip 74: 203.124.152.67 >
203.124.152.65: icmp: echo request
23:00:55.411879 0:3:40:90:2:9c 0:5:5d:4a:3b:7c ip 74: 203.124.152.65 >
203.124.152.67: icmp: echo reply
23:00:56.877168 0:c0:4f:4d:fd:a4 0:3:40:90:2:9c ip 74: 203.124.152.67 >
203.124.152.65: icmp: echo request
23:00:56.912272 0:3:40:90:2:9c 0:5:5d:4a:3b:7c ip 74: 203.124.152.65 >
203.124.152.67: icmp: echo reply
23:00:58.377594 0:c0:4f:4d:fd:a4 0:3:40:90:2:9c ip 74: 203.124.152.67 >
203.124.152.65: icmp: echo request
23:00:58.412682 0:3:40:90:2:9c 0:5:5d:4a:3b:7c ip 74: 203.124.152.65 >
203.124.152.67: icmp: echo reply
23:00:59.877964 0:c0:4f:4d:fd:a4 0:3:40:90:2:9c ip 74: 203.124.152.67 >
203.124.152.65: icmp: echo request
23:00:59.913078 0:3:40:90:2:9c 0:5:5d:4a:3b:7c ip 74: 203.124.152.65 >
203.124.152.67: icmp: echo reply
23:01:01.378344 0:c0:4f:4d:fd:a4 0:3:40:90:2:9c ip 74: 203.124.152.67 >
203.124.152.65: icmp: echo request
23:01:01.413502 0:3:40:90:2:9c 0:5:5d:4a:3b:7c ip 74: 203.124.152.65 >
203.124.152.67: icmp: echo reply
23:01:02.878620 0:c0:4f:4d:fd:a4 0:3:40:90:2:9c ip 74: 203.124.152.67 >
203.124.152.65: icmp: echo request
23:01:02.913860 0:3:40:90:2:9c 0:5:5d:4a:3b:7c ip 74: 203.124.152.65 >
203.124.152.67: icmp: echo reply
23:01:04.378996 0:c0:4f:4d:fd:a4 0:3:40:90:2:9c ip 74: 203.124.152.67 >
203.124.152.65: icmp: echo request
23:01:04.414341 0:3:40:90:2:9c 0:5:5d:4a:3b:7c ip 74: 203.124.152.65 >
203.124.152.67: icmp: echo reply
23:01:05.879322 0:c0:4f:4d:fd:a4 0:3:40:90:2:9c ip 74: 203.124.152.67 >
203.124.152.65: icmp: echo request
23:01:05.939687 0:3:40:90:2:9c 0:5:5d:4a:3b:7c ip 74: 203.124.152.65 >
203.124.152.67: icmp: echo reply
23:01:07.379648 0:c0:4f:4d:fd:a4 0:3:40:90:2:9c ip 74: 203.124.152.67 >
203.124.152.65: icmp: echo request
23:01:07.415029 0:3:40:90:2:9c 0:5:5d:4a:3b:7c ip 74: 203.124.152.65 >
203.124.152.67: icmp: echo reply
23:01:08.880172 0:c0:4f:4d:fd:a4 0:3:40:90:2:9c ip 74: 203.124.152.67 >
203.124.152.65: icmp: echo request
23:01:08.915412 0:3:40:90:2:9c 0:5:5d:4a:3b:7c ip 74: 203.124.152.65 >
203.124.152.67: icmp: echo reply
23:01:10.380421 0:c0:4f:4d:fd:a4 0:3:40:90:2:9c ip 74: 203.124.152.67 >
203.124.152.65: icmp: echo request
23:01:10.415861 0:3:40:90:2:9c 0:5:5d:4a:3b:7c ip 74: 203.124.152.65 >
203.124.152.67: icmp: echo reply
23:01:11.880757 0:c0:4f:4d:fd:a4 0:3:40:90:2:9c ip 74: 203.124.152.67 >
203.124.152.65: icmp: echo request
23:01:11.916210 0:3:40:90:2:9c 0:5:5d:4a:3b:7c ip 74: 203.124.152.65 >
203.124.152.67: icmp: echo reply
23:01:13.381086 0:c0:4f:4d:fd:a4 0:3:40:90:2:9c ip 74: 203.124.152.67 >
203.124.152.65: icmp: echo request
23:01:13.416615 0:3:40:90:2:9c 0:5:5d:4a:3b:7c ip 74: 203.124.152.65 >
203.124.152.67: icmp: echo reply
23:01:14.881422 0:c0:4f:4d:fd:a4 0:3:40:90:2:9c ip 74: 203.124.152.67 >
203.124.152.65: icmp: echo request
23:01:14.917017 0:3:40:90:2:9c 0:5:5d:4a:3b:7c ip 74: 203.124.152.65 >
203.124.152.67: icmp: echo reply
23:01:16.381802 0:c0:4f:4d:fd:a4 0:3:40:90:2:9c ip 74: 203.124.152.67 >
203.124.152.65: icmp: echo request
23:01:16.442440 0:3:40:90:2:9c 0:5:5d:4a:3b:7c ip 74: 203.124.152.65 >
203.124.152.67: icmp: echo reply
23:01:17.882099 0:c0:4f:4d:fd:a4 0:3:40:90:2:9c ip 74: 203.124.152.67 >
203.124.152.65: icmp: echo request
23:01:17.927821 0:3:40:90:2:9c 0:5:5d:4a:3b:7c ip 74: 203.124.152.65 >
203.124.152.67: icmp: echo reply
23:01:19.382486 0:c0:4f:4d:fd:a4 0:3:40:90:2:9c ip 74: 203.124.152.67 >
203.124.152.65: icmp: echo request
23:01:19.418211 0:3:40:90:2:9c 0:5:5d:4a:3b:7c ip 74: 203.124.152.65 >
203.124.152.67: icmp: echo reply
23:01:20.882830 0:c0:4f:4d:fd:a4 0:3:40:90:2:9c ip 74: 203.124.152.67 >
203.124.152.65: icmp: echo request
23:01:20.918564 0:3:40:90:2:9c 0:5:5d:4a:3b:7c ip 74: 203.124.152.65 >
203.124.152.67: icmp: echo reply
23:01:22.383237 0:c0:4f:4d:fd:a4 0:3:40:90:2:9c ip 74: 203.124.152.67 >
203.124.152.65: icmp: echo request
23:01:22.418979 0:3:40:90:2:9c 0:5:5d:4a:3b:7c ip 74: 203.124.152.65 >
203.124.152.67: icmp: echo reply
23:01:23.883520 0:c0:4f:4d:fd:a4 0:3:40:90:2:9c ip 74: 203.124.152.67 >
203.124.152.65: icmp: echo request
23:01:23.919377 0:3:40:90:2:9c 0:5:5d:4a:3b:7c ip 74: 203.124.152.65 >
203.124.152.67: icmp: echo reply
23:01:25.383893 0:c0:4f:4d:fd:a4 0:3:40:90:2:9c ip 74: 203.124.152.67 >
203.124.152.65: icmp: echo request
23:01:25.419784 0:3:40:90:2:9c 0:5:5d:4a:3b:7c ip 74: 203.124.152.65 >
203.124.152.67: icmp: echo reply
23:01:26.884283 0:c0:4f:4d:fd:a4 0:3:40:90:2:9c ip 74: 203.124.152.67 >
203.124.152.65: icmp: echo request
23:01:26.925136 0:3:40:90:2:9c 0:5:5d:4a:3b:7c ip 74: 203.124.152.65 >
203.124.152.67: icmp: echo reply
23:01:28.384635 0:c0:4f:4d:fd:a4 0:3:40:90:2:9c ip 74: 203.124.152.67 >
203.124.152.65: icmp: echo request
23:01:28.420556 0:3:40:90:2:9c 0:5:5d:4a:3b:7c ip 74: 203.124.152.65 >
203.124.152.67: icmp: echo reply
23:01:29.884932 0:c0:4f:4d:fd:a4 0:3:40:90:2:9c ip 74: 203.124.152.67 >
203.124.152.65: icmp: echo request
23:01:29.920939 0:3:40:90:2:9c 0:5:5d:4a:3b:7c ip 74: 203.124.152.65 >
203.124.152.67: icmp: echo reply
23:01:31.385282 0:c0:4f:4d:fd:a4 0:3:40:90:2:9c ip 74: 203.124.152.67 >
203.124.152.65: icmp: echo request
23:01:31.421373 0:3:40:90:2:9c 0:5:5d:4a:3b:7c ip 74: 203.124.152.65 >
203.124.152.67: icmp: echo reply
23:01:32.885675 0:c0:4f:4d:fd:a4 0:3:40:90:2:9c ip 74: 203.124.152.67 >
203.124.152.65: icmp: echo request
23:01:32.921718 0:3:40:90:2:9c 0:5:5d:4a:3b:7c ip 74: 203.124.152.65 >
203.124.152.67: icmp: echo reply
23:01:34.386014 0:c0:4f:4d:fd:a4 0:3:40:90:2:9c ip 74: 203.124.152.67 >
203.124.152.65: icmp: echo request
23:01:34.422174 0:3:40:90:2:9c 0:5:5d:4a:3b:7c ip 74: 203.124.152.65 >
203.124.152.67: icmp: echo reply
23:01:35.886365 0:c0:4f:4d:fd:a4 0:3:40:90:2:9c ip 74: 203.124.152.67 >
203.124.152.65: icmp: echo request
23:01:35.947511 0:3:40:90:2:9c 0:5:5d:4a:3b:7c ip 74: 203.124.152.65 >
203.124.152.67: icmp: echo reply
23:01:37.386694 0:c0:4f:4d:fd:a4 0:3:40:90:2:9c ip 74: 203.124.152.67 >
203.124.152.65: icmp: echo request
23:01:37.422875 0:3:40:90:2:9c 0:5:5d:4a:3b:7c ip 74: 203.124.152.65 >
203.124.152.67: icmp: echo reply
23:01:38.887050 0:c0:4f:4d:fd:a4 0:3:40:90:2:9c ip 74: 203.124.152.67 >
203.124.152.65: icmp: echo request
23:01:38.923295 0:3:40:90:2:9c 0:5:5d:4a:3b:7c ip 74: 203.124.152.65 >
203.124.152.67: icmp: echo reply
23:01:40.387427 0:c0:4f:4d:fd:a4 0:3:40:90:2:9c ip 74: 203.124.152.67 >
203.124.152.65: icmp: echo request
23:01:40.458714 0:3:40:90:2:9c 0:5:5d:4a:3b:7c ip 74: 203.124.152.65 >
203.124.152.67: icmp: echo reply
23:01:41.887740 0:c0:4f:4d:fd:a4 0:3:40:90:2:9c ip 74: 203.124.152.67 >
203.124.152.65: icmp: echo request
23:01:41.924084 0:3:40:90:2:9c 0:5:5d:4a:3b:7c ip 74: 203.124.152.65 >
203.124.152.67: icmp: echo reply
23:01:43.388166 0:c0:4f:4d:fd:a4 0:3:40:90:2:9c ip 74: 203.124.152.67 >
203.124.152.65: icmp: echo request
23:01:43.424467 0:3:40:90:2:9c 0:5:5d:4a:3b:7c ip 74: 203.124.152.65 >
203.124.152.67: icmp: echo reply

------------------------------

_______________________________________________
Shorewall-users mailing list
Post: Shorewall-users@lists.shorewall.net
Subscribe/Unsubscribe:
http://lists.shorewall.net/mailman/listinfo/shorewall-users
Support: http://www.shorewall.net/support.htm
FAQ: http://www.shorewall.net/FAQ.htm

End of Shorewall-users Digest, Vol 3, Issue 72
**********************************************
Maybe Matching Threads

Search for more maybe matching threads
Shorewall users - Feb 2003 - Re: Exchange Server in DMZ (i-hacked.com)

[Shorewall-users] Re: Exchange Server in DMZ (i-hacked.com)

Maybe Matching Threads

Wisdom of the Ancients
