similar to: pop3d and iptables lockup

I have a gentoo 2.6.14 box with 4 nics, LAN/DMZ/PUB1/PUB2 LAN and DMZ have a 1918 /22 each, PUB1 and PUB2 have a /29 each of which 5 ips are assigned. Using the mangle table, I give all packets a mark (according to local policies) in the range 1-10. Using ip rule, i pass marks 1-5 through the pub1 route table, and marks 6-10 through the pub2 routing table. Using the nat table, I SNAT to one

In following up on the rsh "problem" I was having earlier, I decided to try out the suggestion Felipe sent about using system-config-securitylevel-tui to open up ports 513 and 514, but that doesn't seem to do the job, either. # iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination RH-Firewall-1-INPUT all -- anywhere anywhere

Hello, I am facing some problems in bridged networking. I have successfully created a bridge br0 and added a virtual machine to it. Now the address of virtual machine is 10.1.3.31. I am able to connect to this virtual machine by another computer on same network. The virtual machine is hosting a simple python http server on port 8000, while some other service is running on port 80 When I try

On Wed, 24 Apr 2019 at 06:01, likun <kun.li at ucarinc.com> wrote: > Hi?guys. > > There is a wierd problem with iptables recently, hopes somebody can help > me. > > I have installed Centos 7.2.1511 on a bare metal Dell server these days, > disabled firewalld and enabled iptables.services, and setup a group of very > simple rules, as the following: > > I believe

Currently I have shorewal 2.2 installed om my debian 2.6.8 kernel. The firewall machine can access the internet via a ethernet modem fine. The firewall can ping the local network. The local network can ping the firewall server, see the samba files. Howeven teh local network cannot access the internet through the firewall Any suggestions? Rob van Overbruggen Settings and stats: Server: Eth1 :

Hello, if you need clampmss then it is highly probable there is a PMTU discovery problem. The clampmss does not work for UDP. I probably counted the size incorrectly. So you are able to ping with size 1464 and not with 1466. How about trying same ping sizes from the internet towards your site? I mean trying to ping from sites with higher MTU than yours without lower MTU links in the path. You

current content below is annotated by some suggestions of things to add along with questions for those who know more than I do [in brackets] ================ # iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu This calculates the proper MSS for your link. [If I understand the code correctly ... - expert intervention invited] More precisely, this sets the

Hello Le 23/06/2020 à 09:06, Luca Bertoncello a écrit : > Am 23.06.2020 08:43, schrieb Luca Bertoncello: > > And another thing, I discovered right now... > >> Could you suggest me something to restrict the problem? >> Currently, I think the problem can be: >> >> 1) on Asterisk >> 2) on my Gateway/Firewall > > A couple of years ago I added this entry

Some day ago, a friend post one problem for mi. whist this texts: I have a server whit 2 interfaces of network, where eth0 is the interfaces connetc to internet and eth1 to the internal network. This server hace a Squid only, but i setting the iptables for protection to the server. Iptables run from script and in this script i setting the redirection for the other server in my internal network to

Hello, Stephen, thank you for input. Yes, these servers have the same firewall rules, and both of them have the same problem from time to time, most of time they are good. Actually, these servers are newly installed to be used as the Glusterfs storage server, so not much data flowing at this time. >From the sysctl output, I suppose it can't be a conntrack table overflow :

Am 23.06.2020 08:43, schrieb Luca Bertoncello: And another thing, I discovered right now... > Could you suggest me something to restrict the problem? > Currently, I think the problem can be: > > 1) on Asterisk > 2) on my Gateway/Firewall A couple of years ago I added this entry in my firewall: /sbin/iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS

I have an internet router powered by gentoo+shorewall2.0.7+adsl(pppoe) but my clients(and gateway) cant access some websites----these sites must be okay,other sites are okay. The I believe it is caused by MTU or MSS, but I have no idea yet. Btw, the unaccessable sites are dynamic, it says: today I cant access www.oracle.com nextday I redail--to get another ip,I can access www.oracle.com. Help!

I have problem getting answer on http request from all my local subnets but not from local subnet. Ping and requests on ports 21 22 23 25 110 works fine. I logged port 80 in rules files and I got accept entry same for local subnet and other subnets. Local subnet is 192.168.6 Dec 29 09:52:40 zinfsrv2 kernel: Shorewall:loc2fw:ACCEPT:IN=eth0 OUT= MAC=00:09:6b:07:ca:cc:00:10:b5:fa:bd:71:08:00

I have what strikes me as an odd problem with shorewall. Let me describe my setup. My desktop (alfred) is connected to the network through an ADSL modem. I am running rp-pppoe, and this works perfectly. I have a small home network, with two LANs; an Ethernet LAN (including a machine running Windows XP), and a WiFi LAN, including the laptop (william) I am using now. All the computers except for

Hi?guys. There is a wierd problem with iptables recently, hopes somebody can help me. I have installed Centos 7.2.1511 on a bare metal Dell server these days, disabled firewalld and enabled iptables.services, and setup a group of very simple rules, as the following: # iptables-save # Generated by iptables-save v1.4.21 on Tue Apr 23 09:15:14 2019 *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT

https://bugzilla.netfilter.org/show_bug.cgi?id=870 Summary: Iptables cannot block outbound packets sent by Nessus Product: iptables Version: 1.4.x Platform: x86_64 OS/Version: Ubuntu Status: NEW Severity: normal Priority: P5 Component: iptables AssignedTo: netfilter-buglog at lists.netfilter.org

https://bugzilla.netfilter.org/show_bug.cgi?id=917 Summary: Kernel OOPS on Kernel 3.14.2 Product: netfilter/iptables Version: unspecified Platform: x86_64 OS/Version: Debian GNU/Linux Status: NEW Severity: critical Priority: P5 Component: NAT AssignedTo: netfilter-buglog at lists.netfilter.org

Hello Gordon and others On Tue, Jun 21, 2016 at 4:13 PM, Gordon Messmer <gordon.messmer at gmail.com> wrote: > On 06/21/2016 02:30 AM, Alexander Farber wrote: > >> -A PREROUTING -p tcp -m tcp -d 144.76.184.154/32 --dport 80 -j REDIRECT >> --to-ports 8080 >> > > > I think you have the ports backward, here. > here the problem description again: I have

https://bugzilla.netfilter.org/show_bug.cgi?id=1370 Bug ID: 1370 Summary: iptables-restore-translate Product: nftables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: normal Priority: P5 Component: nft Assignee: pablo at netfilter.org Reporter:

Hi, I''m testing out Xen on FC4. I''m using bridging for networking, as well as iptables to firewall, configured with the standard Fedora ''system-config-security-level'' tool. However I have really strange problem with conntrack not seeming to catch outbound connections. This prevents outbound connections working from dom0. Connections from domU''s