First off, thanks to Laurent for helping me resolve my previous issues. I really, really appreciate it!

Now, I would like to be able to utilize Shorewall but am having trouble. When I forward port 80 and 22 through my router there are no issues connecting to the webserver.

But, I do not want to use the router's firewall system; I wish to use Shorewall of course.

When I set up IP Passthrough/DMZ config and then reboot my server I see that it does indeed show my external ip address in ifconfig.

But, I can no longer connect to the web server via ssh or http. Rather, I had a friend try it from his system on a different ISP and no luck.

So what's the issue here? Again, I'm certain it is something very simple..

Thanks again in advance!

Painguin

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
Tom Eastep
2012-Sep-06 00:05 UTC
Re: Shorewall now running correctly, but having DMZ issues
On 9/5/12 2:59 PM, David Burton wrote:
> First off, thanks to Laurent for helping me resolve my previous issues.
> I really, really appreciate it!
>
> Now, I would like to be able to utilize Shorewall but am having
> trouble. When I forward port 80 and 22 through my router there are no
> issues connecting to the webserver.
>
> But, I do not want to use the router's firewall system; I wish to use
> Shorewall of course.
>
> When I set up IP Passthrough/DMZ config and then reboot my server I see
> that it does indeed show my external ip address in ifconfig.
>
> But, I can no longer connect to the web server via ssh or http. Rather,
> I had a friend try it from his system on a different ISP and no luck.
>
> So what's the issue here? Again, I'm certain it is something very simple..

Did Shorewall start successfully at boot? (shorewall status). If so, then if you disable shorewall (shorewall clear), does it work? Be sure to 'shorewall start' after testing.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
David Burton
2012-Sep-06 20:27 UTC
Re: Shorewall now running correctly, but having DMZ issues
Hi Tom,

Yes, Shorewall is starting correctly. I ran "shorewall status" (all was good). I ran "shorewall clear" and then restarted "shorewall start".

All seems to be well there...

So, it seems shorewall is up and running just fine....

One thing to note, is that I am running my server as a VM (virtual box). The VM is sharing my network adapter and thus acquiring an IP via DHCP from my router. (In the current configuration with ports 80 and 22 forwarded).

This config works but again, the alternative config (DMZ) is desired.

What can we try now Tom?

Thanks!

PAinguIN

On Wed, Sep 5, 2012 at 8:05 PM, Tom Eastep <teastep@shorewall.net> wrote:
> Did Shorewall start successfully at boot? (shorewall status). If so,
> then if you disable shorewall (shorewall clear), does it work? Be sure
> to 'shorewall start' after testing.
>
> -Tom
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users

--
David Burton
IT Consultant
600 North St.
Anderson, SC 29621
864-650-3954
burtonsdw@gmail.com
Tom Eastep
2012-Sep-06 22:10 UTC
Re: Shorewall now running correctly, but having DMZ issues
On 9/6/12 1:27 PM, David Burton wrote:
> Hi Tom,
>
> Yes, Shorewall is starting correctly. I ran "shorewall status" (all was
> good). I ran "shorewall clear" and then restarted "shorewall start".
>
> All seems to be well there...
>
> So, it seems shorewall is up and running just fine....
>
> One thing to note, is that I am running my server as a VM (virtual
> box). The VM is sharing my network adapter and thus acquiring an IP via
> DHCP from my router. (In the current configuration with ports 80 and 22
> forwarded).
>
> This config works but again, the alternative config (DMZ) is desired.
>
> What can we try now Tom?

Explain your configuration and exactly what you are trying to do. Because right now I'm lost. Depending on how the VM is sharing your interface, Shorewall on the host will have no control over server traffic at all.

-Tom
Tom Eastep
2012-Sep-06 22:25 UTC
Re: Shorewall now running correctly, but having DMZ issues
On 9/6/12 3:10 PM, Tom Eastep wrote:
> Explain your configuration and exactly what you are trying to do.
> Because right now I'm lost. Depending on how the VM is sharing your
> interface, Shorewall on the host will have no control over server
> traffic at all.

And please include the output of 'shorewall dump' (as a text attachment) with your explanation.

Thanks,
-Tom
David Burton
2012-Sep-06 22:38 UTC
Re: Shorewall now running correctly, but having DMZ issues
Ok, I want to build a website of course and usually I would pay for hosting via an outside organization such as Aplus.net and the like. However, I simply wanted to host my own site by setting up my own Linux based web server and run it as a Virtual Machine rather than dedicating another physical machine to serve this purpose.

Right now I'm running Ubuntu server 12.04 x64 in Virtual Box. I've changed the network settings in Virtual Box from NAT (default) to Bridged thus sharing my interface as you mentioned.

So now, the VM carries an ip address assigned by the router which follows the 192.168.x.x format. I've created an extra account for my friend so that he can access the web server via SSH. I, of course, had to forward port 22 to the VM's ip as well as port 80.

With this current configuration, shorewall serves no purpose as the router's firewall is handling all of the incoming/outgoing traffic. Rather it will once the site goes "live".

Now, this configuration may be fine, I'm not sure. I did, however, wish to possess more control over the traffic coming in and going out as well as be able to set up specific rules in the future if need be. I can do this with Shorewall's functionality but the router I am currently using does not allow for much. It's very basic...

However, perhaps the way things are set up now will be just fine. Or would you recommend that I use Shorewall instead of my router's firewall as well?

I can provide you with more detailed information if you need it. Settings in VirtualBox, router config, etc, etc...

Thanks again!

PAIN
David Burton
2012-Sep-06 22:39 UTC
Re: Shorewall now running correctly, but having DMZ issues
I just received your last message, give me a moment and I will send another email with the attachment...
David Burton
2012-Sep-06 23:24 UTC
Re: Shorewall now running correctly, but having DMZ issues
Well, I'm having issues copying the output to a text file.

I'm using "sudo shorewall dump > shoredmp.txt"

And get "LOGFILE (/var/log/messages) does not exist"

Uhhh, I hate being a novice. Why isn't the output being written to the text file?
David Burton
2012-Sep-07 00:20 UTC
Re: Shorewall now running correctly, but having DMZ issues
Well Tom, it seems I'm stuck...

I can't transfer files over from my VM without a shared folder and I can't add a share until the VirtualBoxGuestAddons have been installed. However, I cannot install the addons because I can't find the mounted cdrom or mount it. I've tried so many things.

I'll just have to take a break and explore some more forums for an answer I guess. What a headache...

Thanks for all of your help Tom...

Dave
David Burton
2012-Sep-07 01:08 UTC
Re: Shorewall now running correctly, but having DMZ issues
Ok Tom,

I have the additions installed and my share could probably be accessed now but I still can't capture the output from "shorewall dump" into a txt file using "sudo shorewall dump > xxxxx.txt"

I still get "LOGFILE (/var/log/messages) does not exist!"

Running "shorewall dump > shoredmp.txt" (Non-root)
Produces about 7 lines of errors.

Thanks for any help you may be able to provide. No rush whatsoever.

Regards,

Dave
Tom Eastep
2012-Sep-07 02:27 UTC
Re: Shorewall now running correctly, but having DMZ issues
On 9/6/12 6:08 PM, David Burton wrote:
> Ok Tom,
>
> I have the additions installed and my share could probably be accessed
> now but I still can't capture the output from "shorewall dump" into a
> txt file using "sudo shorewall dump > xxxxx.txt"
> I still get "LOGFILE (/var/log/messages) does not exist!"
>
> Running "shorewall dump > shoredmp.txt" (Non-root)
> Produces about 7 lines of errors.
>
> Thanks for any help you may be able to provide. No rush whatsoever.
>

Good -- because my wife and I are trying to take a few days vacation in
the Willamette Valley wine country. And given that you haven't read
enough of the Shorewall beginner documentation to learn about Shorewall
(or more properly Netfilter) logging, you should have enough to study
until we return home.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
David Burton
2012-Sep-07 02:43 UTC
Re: Shorewall now running correctly, but having DMZ issues
Wine country eh? That sounds nice!

You're right, I need to go over the documentation in further detail. I'll do just that!

Have a nice vacation!

Dave

On Thu, Sep 6, 2012 at 10:27 PM, Tom Eastep <teastep@shorewall.net> wrote:
> On 9/6/12 6:08 PM, David Burton wrote:
> > Ok Tom,
> >
> > I have the additions installed and my share could probably be accessed
> > now but I still can't capture the output from "shorewall dump" into a
> > txt file using "sudo shorewall dump > xxxxx.txt"
> > I still get "LOGFILE (/var/log/messages) does not exist!"
> >
> > Running "shorewall dump > shoredmp.txt" (Non-root)
> > Produces about 7 lines of errors.
> >
> > Thanks for any help you may be able to provide. No rush whatsoever.
> >
>
> Good -- because my wife and I are trying to take a few days vacation in
> the Willamette Valley wine country. And given that you haven't read
> enough of the Shorewall beginner documentation to learn about Shorewall
> (or more properly Netfilter) logging, you should have enough to study
> until we return home.
>
> -Tom

--
David Burton
IT Consultant
600 North St.
Anderson, SC 29621
864-650-3954
burtonsdw@gmail.com