Hello, This post is only to thank Tom for his hard work and support, im verry gratefull from your work and promply resposes wen we need some help also fot the great product you have and gave to all of us. We almost allways take for granted wen something is working (maybe we expect it to be that way) and we bitch when something is not doing as we supose it should, we have to remember that we are here to help each other and lern from each other also, and learn to say thanks for all the hours you have spent helping us in our venues. Yours Truly Fernando Rodriguez AITelecom ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
Hi, I can only agree - and let me add that shorewall is the OSS that I''ve seen both the fastest and most competent responses from! In my opinion, quite an accomplishment. Thank you! ~David On 8/26/06, Fernando Rodriguez <frod@aitelecom.net> wrote:> > > Hello, > > This post is only to thank Tom for his hard work and support, im verry > gratefull from your work and promply resposes wen we need some help also fot > the great product you have and gave to all of us. > > We almost allways take for granted wen something is working (maybe we expect > it to be that way) and we bitch when something is not doing as we supose it > should, we have to remember that we are here to help each other and lern > from each other also, and learn to say thanks for all the hours you have > spent helping us in our venues. > > Yours Truly > > > Fernando Rodriguez > AITelecom > > > ------------------------------------------------------------------------- > Using Tomcat but need to do more? Need to support web services, security? > Get stuff done quickly with pre-integrated technology to make your job easier > Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users >------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
David Mohr wrote:> Hi, > I can only agree - and let me add that shorewall is the OSS that I''ve > seen both the fastest and most competent responses from! In my > opinion, quite an accomplishment. Thank you! > > rs >Agreed in regard to the two previous posts. I''m the IT Director for 4 national charities and one for-profit business. And as I tell *all* the foss developers who make code I use: There are Children, Firefighters, Elderly Persons, and at least one sys admin (me) who have better lives because... well just because. The positive social aspects of foss are countless. Tom should take a bow. -- Michael Cozzi cozzi@cozziconsulting.com ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
Michael Cozzi wrote:> > > Tom should take a bow. >Thank you to all for the kind words, -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
Thank you for your time. Some thin rare in shorewall I''m try to connect to a secure page throw a transparent proxy and it fail, look at the info I found that in the first connection it apply rule 12 (number are writer here not only to explain it) correctly, but after it the page must began a connection throw port 80 and shorewal apply rule 14 instead of rule 10 and it fail. In all the other web page it go fine. Can you explain it? My shorewall version is 2.2.3 # # Shorewall version 2.2 - Rules File # # /etc/shorewall/rules # PORT PORT(S) DEST # ACCEPT net:130.252.100.69,130.252.100.70 fw \ # tcp 22 #################################################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ # PORT PORT(S) DEST LIMIT GROUP 1 AllowSSH all all 2 AllowSMB nave fw 3 AllowSMB hvn fw 4 AllowTelnet nave all #AllowVNC rcja all 5 AllowPing all all 6 AllowPOP3 nave rcja 7 AllowSMTP nave rcja 8 AllowDNS nave fw 9 AllowNTP nave all 10REDIRECT:info nave 8080 tcp www - !10.0.0.0/8 11REDIRECT:info nave 8080 tcp www - 10.160.4.162 12REDIRECT:info nave 8080 tcp 443 - !10.0.0.0/8 13REDIRECT:info nave 8080 tcp 443 - 10.160.4.162 14AllowWeb:info nave rcja tcp ACCEPT nave $FW tcp 67 ACCEPT nave fw tcp 68 ACCEPT nave fw udp 67 ACCEPT nave fw udp 68 ACCEPT hvn $FW tcp 10000 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE Sep 11 12:22:39 proxynave1 kernel: Shorewall:nave_dnat:REDIRECT:IN=br0 OUT= PHYSIN=eth0 MAC=00:00:0c:07:ac:01:00:01:29:23:33:4d:08:00 SRC=10.104.88.8 DST=212.163.0.22 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=52240 DF PROTO=TCP SPT=1264 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 Sep 11 12:27:40 proxynave1 kernel: Shorewall:nave_dnat:REDIRECT:IN=br0 OUT= PHYSIN=eth0 MAC=00:00:0c:07:ac:01:00:01:29:23:33:4d:08:00 SRC=10.104.88.8 DST=212.163.0.22 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=60479 DF PROTO=TCP SPT=1265 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 Sep 11 12:32:46 proxynave1 kernel: Shorewall:AllowWeb:ACCEPT:IN=br0 OUT=br0 PHYSIN=eth0 PHYSOUT=eth1 SRC=10.104.88.8 DST=212.163.0.22 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=3286 DF PROTO=TCP SPT=1263 DPT=80 WINDOW=0 RES=0x00 ACK RST URGP=0 Sep 11 12:32:46 proxynave1 kernel: Shorewall:AllowWeb:ACCEPT:IN=br0 OUT=br0 PHYSIN=eth0 PHYSOUT=eth1 SRC=10.104.88.8 DST=212.163.0.22 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=3287 DF PROTO=TCP SPT=1262 DPT=80 WINDOW=0 RES=0x00 ACK RST URGP=0 Sep 11 12:32:46 proxynave1 kernel: Shorewall:AllowWeb:ACCEPT:IN=br0 OUT=br0 PHYSIN=eth0 PHYSOUT=eth1 SRC=10.104.88.8 DST=212.163.0.22 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=3288 DF PROTO=TCP SPT=1257 DPT=80 WINDOW=0 RES=0x00 ACK RST URGP=0 -- Por favor, NO utilice formatos de archivo propietarios para el intercambio de documentos, como DOC y XLS, sino HTML, RTF, TXT, CSV o cualquier otro que no obligue a utilizar un programa de un fabricante concreto para tratar la información contenida en él. SALUD. ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
Trujillo Carmona, Antonio wrote:> Thank you for your time. > Some thin rare in shorewall > I''m try to connect to a secure page throw a transparent proxy and it > failThat''s because it is not possible to use transparent proxy with HTTPS. From http://www.shorewall.net/Shorewall_Squid_Usage.html: ---------------------------------------------------------------------- Important This section gives instructions for transparent proxying of HTTP. HTTPS (normally TCP port 443) cannot be proxied transparently (stop and think about it for a minute; if HTTPS could be transparently proxied, then how secure would it be?). ----------------------------------------------------------------------- -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642