My shorewall 3.4.8 update to 4.4.25.3 using rpm, there were no errors in
the update, but I have a detail in the rules, my server is a proxy firewall
(squid / Shorewall) if I can navigate through the pages I can even filter
it well, my details are HTTPS pages, I can not open any, which with the
previous version if you could. I have the following:

shorewall/interfaces

net     eth1    detect  nosmurfs,blacklist
loc     eth0    detect  routefilter,blacklist,tcpflags,nosmurfs,logmartians

shorewall/zone

fw      firewall
net     ipv4
loc     ipv4

shorewall/policy

fw      all     ACCEPT
net     all     DROP
loc     net     ACCEPT
loc     fw      REJECT  info
loc     all     REJECT  info

shorewall/rules

REDIRECT        loc     8080    tcp     80,81,82,3128,8000,8080
ACCEPT          loc     net     tcp     443
ACCEPT          net     loc     tcp     443

I can answer simple rules well I filter the internet, the only detail is
that I will not have the pages https (port 443) are well my rules?

Greetings!!

--
I.S.C. William López Jiménez
--
User Linux # 379636
MSN wljkoala23@hotmail.com
Jabber koalasoft@jabber.org
Web: www.koalasoftmx.tk
Twitter: @koalasoft
Facebook: william.koalasoft

I have only access checking on port 80, no other port is open, this will check
with pages that scan public IP.
All this happened since I upgrade to this version, with version 3.4.8 had no
problem.

any ideas?

--
I.S.C. William López Jiménez

William,

Can you provide more details as to how you are trying to access the
https pages? For example, can you give an example of a URL that you
are trying to access and whatever error or unexpected behavior you
observe?

Also, if you provide the output of 'shorewall dump' we could help with
troubleshooting your issue.

Regards,

-Roberto

--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com

For example, try entering this site:

https://www.cardiologia.org.mx/

and brand connection error only. and I can deduce that if the firewall since
it off and if you enter the site.

I did a test on the site:
http://www.whatsmyip.org/port-scanner/server/

and I mark that the port is closed least 80, and with the firewall up.

--
I.S.C. William López Jiménez

On 03/10/2012 05:39 AM, I.S.C. William wrote:
> For example, try entering this site:
>
> https://www.cardiologia.org.mx/
>
> and brand connection error only. and I can deduce
> that if the firewall since it off and if you enter the site.
>
> I did a test on the site:
> http://www.whatsmyip.org/port-scanner/server/
>
> and I mark that the port is closed least 80, and with the firewall up.

That has nothing to do with being able to connect to a site.

Please:

a) shorewall reset
b) try to connect to the site
c) shorewall dump > dump.txt

Send me the dump.txt file as an attachment and tell me if you were
trying to connect from the firewall itself or from a system behind the
firewall. If from a system behind the firewall, please include that
system's ip address.

Thanks,
-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

William,

Having an external port scanner tell you that your port 80 is should
have nothing to do with you not being able to connect to an IP outside
your network on port 443. Please provide the output of 'shorewall dump'
in order for us to help identify the problem.

Regards,

-Roberto

Hi ..

I try this:

a) shorewall reset
b) try to connect to the site

but not enter the site : https://www.cardiologia.org.mx/ and other site https

Send my shorewall dump for check .. thank for support

Firewall (squid/shorewall): eth0: 130.3.100.9
IP Public: eth1: 201.147.138.213
PC client LAN: 130.3.201.74

Is behind the firewall my PC client.

Greeting!!

My Shorewall version 4.4.25.3

--
I.S.C. William López Jiménez

On 03/13/2012 06:06 AM, I.S.C. William wrote:
> Hi ..
>
> I try this:
>
> a) shorewall reset
> b) try to connect to the site
>
> but not enter the site : https://www.cardiologia.org.mx/ and other
> site https
>
> Send my shorewall dump for check .. thank for support
>

There is an important point that you missed; when connections don't
work, you should look at the log to see if the firewall is blocking the
connection. From the dump you sent:

    Mar 13 06:54:55 loc2net:REJECT:IN=eth0 OUT=eth1 SRC=130.3.201.74 DST=157.56.52.23 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=18237 DF PROTO=TCP SPT=2097 DPT=443 WINDOW=16384 RES=0x00 SYN URGP=0

So you don't have a rule that allows TCP 443 from the 'loc' zone to the
'net' zone. You can correct this by adding this rule:

    ACCEPT loc net tcp 443

I can't explain why this apparently worked when running 3.4.8; it should
not have.

-Tom

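The log check described in the message above, as an added example that is not part of the thread or of Shorewall itself: it parses log lines in the form shown in the dump, counts REJECT/DROP hits per chain, protocol and destination port, and derives the zone pair from the chain name. Only the first sample line comes from the thread; the others are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Sample in the format of the log section of 'shorewall dump'. The first line
# is the one quoted in the thread; the rest are constructed for illustration.
SAMPLE_LOG = """\
Mar 13 06:54:55 loc2net:REJECT:IN=eth0 OUT=eth1 SRC=130.3.201.74 DST=157.56.52.23 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=18237 DF PROTO=TCP SPT=2097 DPT=443 WINDOW=16384 RES=0x00 SYN URGP=0
Mar 13 06:54:58 loc2net:REJECT:IN=eth0 OUT=eth1 SRC=192.0.2.10 DST=198.51.100.7 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=18301 DF PROTO=TCP SPT=2101 DPT=443 WINDOW=16384 RES=0x00 SYN URGP=0
Mar 13 06:55:02 net2fw:DROP:IN=eth1 OUT= SRC=198.51.100.9 DST=192.0.2.1 LEN=78 TOS=0x00 PREC=0x00 TTL=113 ID=4711 PROTO=UDP SPT=137 DPT=137 LEN=58
Mar 13 06:55:04 net2fw:DROP:IN=eth1 OUT= SRC=198.51.100.9 DST=192.0.2.1 LEN=84 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=77 SEQ=1
Mar 13 06:55:05 kernel: eth1: link up
"""

# "<chain>:<disposition>:" immediately followed by the netfilter IN= field.
PREFIX = re.compile(r"(?P<chain>[A-Za-z0-9_.-]+):(?P<disp>[A-Z]+):(?=IN=)")
# KEY=value pairs of the netfilter LOG target; the value may be empty (OUT=).
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_line(line):
    """Return chain, disposition and packet fields, or None if not a hit."""
    m = PREFIX.search(line)
    if m is None:
        return None
    fields = dict(FIELD.findall(line[m.end():]))
    return {
        "chain": m.group("chain"),
        "disposition": m.group("disp"),
        "src": fields.get("SRC"),
        "dst": fields.get("DST"),
        "proto": fields.get("PROTO"),
        "dpt": fields.get("DPT"),  # None for protocols without ports (ICMP)
    }


def summarize(log_text):
    """Count blocked packets per (chain, disposition, proto, dest port)."""
    counts = Counter()
    for line in log_text.splitlines():
        hit = parse_line(line)
        if hit and hit["disposition"] in ("REJECT", "DROP"):
            key = (hit["chain"], hit["disposition"], hit["proto"], hit["dpt"])
            counts[key] += 1
    return counts


def candidate_rule(chain, proto, dpt):
    """Rules-file line for review, in the column order used in the thread.

    Assumes the chain is named <source zone>2<dest zone>, as loc2net is in
    the log line above; returns None when there is no port to match on.
    """
    src, sep, dst = chain.partition("2")
    if not sep or not dst or not dpt:
        return None
    return f"ACCEPT {src} {dst} {proto.lower()} {dpt}"


if __name__ == "__main__":
    for (chain, disp, proto, dpt), n in summarize(SAMPLE_LOG).most_common():
        print(n, chain, disp, proto, dpt, "->", candidate_rule(chain, proto, dpt))
```
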
2012/3/14 I.S.C. William <william.koalasoft@gmail.com>
> By the way, I happened to mention that you add this rule:
>
> shorewall/rules:
>
> HTTPS(ACCEPT) loc net tcp
>
> and I could browse https pages =)
>
>
> 2012/3/14 I.S.C. William <william.koalasoft@gmail.com>
>
>> Thank you very much, apparently that was the detail, and to place the
>> rule that you show me here and I could surf normally.
>>
>> Thank you and there'll be bothering with other queries in the future.
>>
>>
>> 2012/3/13 Tom Eastep <teastep@shorewall.net>
>>
>>> -------- Original Message --------
>>> Subject: Re: [Shorewall-users] After the update will not open https
>>> Date: Tue, 13 Mar 2012 13:00:06 -0700
>>> From: Tom Eastep <teastep@shorewall.net>
>>> To: I.S.C. William <william.koalasoft@gmail.com>
>>>
>>> On 03/13/2012 11:32 AM, I.S.C. William wrote:
>>> > this message send:
>>> >
>>> > 6 111 SYN_SENT src=130.3.201.74 dst=201.116.82.35 sport=4337 dport=443 packets=3 bytes=144 [UNREPLIED] src=201.116.82.35 dst=130.3.201.74 sport=443 dport=4337 packets=0 bytes=0 mark=0 secmark=0 use=1
>>> > tcp 6 92 SYN_SENT src=130.3.201.74 dst=213.146.189.201 sport=4302 dport=443 packets=3 bytes=144 [UNREPLIED] src=213.146.189.201 dst=130.3.201.74 sport=443 dport=4302 packets=0 bytes=0 mark=0 secmark=0 use=1
>>> >
>>> > when I enter site https://www.cardiologia.org.mx/ (cardiologia.org.mx
>>> > <http://ardiologia.org.mx> - 201.116.82.35)
>>>
>>> I suspect that your /etc/shorewall/masq entries are wrong.
>>>
>>> I suggest that you replace all of the entries that you have currently
>>> with this single entry:
>>>
>>> #INTERFACE SOURCE ADDRESS ...
>>> eth1 0.0.0.0/0
>>>
>>> -Tom

--
I.S.C. William López Jiménez
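A way to read the conntrack entries quoted in the message above, as an added example that is not part of the thread: in both entries the reply tuple still has dst=130.3.201.74, the LAN client, which means no source NAT was applied on the way out and fits the suggestion to check /etc/shorewall/masq. The first two sample entries are the quoted ones; the third is constructed, and the LAN prefix 130.3.0.0/16 and the function names are assumptions, since the thread gives only host addresses.

```python
import ipaddress
import re

# Entries in the conntrack format quoted in the thread. Lines 1-2 are the
# quoted ones; line 3 is constructed to show an entry where masquerading to
# the firewall's public address (201.147.138.213 in the thread) took effect.
SAMPLE_CONNTRACK = """\
6 111 SYN_SENT src=130.3.201.74 dst=201.116.82.35 sport=4337 dport=443 packets=3 bytes=144 [UNREPLIED] src=201.116.82.35 dst=130.3.201.74 sport=443 dport=4337 packets=0 bytes=0 mark=0 secmark=0 use=1
tcp 6 92 SYN_SENT src=130.3.201.74 dst=213.146.189.201 sport=4302 dport=443 packets=3 bytes=144 [UNREPLIED] src=213.146.189.201 dst=130.3.201.74 sport=443 dport=4302 packets=0 bytes=0 mark=0 secmark=0 use=1
tcp 6 431999 ESTABLISHED src=130.3.201.74 dst=198.51.100.7 sport=4400 dport=443 packets=12 bytes=1800 src=198.51.100.7 dst=201.147.138.213 sport=443 dport=4400 packets=10 bytes=9000 [ASSURED] mark=0 secmark=0 use=1
"""

# One address/port tuple; each TCP/UDP entry carries two of them: the
# original direction first, then the reply the kernel expects to see.
TUPLE = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)")


def parse_entry(line):
    """Split a conntrack line into original and reply tuples.

    Returns None for lines without two port-carrying tuples (e.g. ICMP).
    """
    tuples = TUPLE.findall(line)
    if len(tuples) != 2:
        return None
    (o_src, o_dst, _o_sport, o_dport), (r_src, r_dst, _r_sport, _r_dport) = tuples
    return {
        "orig_src": o_src,
        "orig_dst": o_dst,
        "dport": int(o_dport),
        "reply_src": r_src,
        "reply_dst": r_dst,
        "unreplied": "[UNREPLIED]" in line,
        # With SNAT/MASQUERADE the reply is addressed to the translated
        # source, so reply dst differs from the original src.
        "snat_applied": r_dst != o_src,
    }


def unmasqueraded(conntrack_text, lan_net):
    """Entries leaving the LAN whose source address was not translated."""
    lan = ipaddress.ip_network(lan_net)
    hits = []
    for line in conntrack_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        from_lan = ipaddress.ip_address(entry["orig_src"]) in lan
        to_lan = ipaddress.ip_address(entry["orig_dst"]) in lan
        if from_lan and not to_lan and not entry["snat_applied"]:
            hits.append(entry)
    return hits


if __name__ == "__main__":
    # 130.3.0.0/16 is an assumed prefix covering the LAN hosts in the thread.
    for e in unmasqueraded(SAMPLE_CONNTRACK, "130.3.0.0/16"):
        state = "no reply seen" if e["unreplied"] else "replied"
        print(f'{e["orig_src"]} -> {e["orig_dst"]}:{e["dport"]} not NATed, {state}')
```
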