similar to: [Bug 507] New: tun99 don't trapped by tun+

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=507 kaber@trash.net changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |INVALID ------- Additional Comments From kaber@trash.net 2006-08-29

Hi, [Summary] There seems to be a bug when using the "+" wildcard notation in the interfaces file, in that rules are not generated in the fwd chain to permit traffic going out an interface with a "+" in it. [Details] The interface entries: loc tun0 detect routeback,newnotsyn loc tun1 detect routeback,newnotsyn loc tun2

Hi, This subject has been brought up in the forum, but it''s a bit different. If I have a set of tun interfaces. I already defined tun+ as zone A, and I have excluded tun15 as zone B (a subset of zone A). I need to add tun16 to zone B. My config: /etc/shorewall/interfaces: A tun+ - routeback B tun15 /etc/shorewall/ A ipv4 B:A ipv4 I tried to define in

On Fri, Dec 29, 2017 at 10:32 AM, Kenneth Porter <shiva at sewingwitch.com> wrote: > How do I insert the iptables rule below using firewalld? > > I'm moving up from CentOS 6 to 7 on an office gateway and I'm trying to > get OpenVPN working to allow home workers to access PCs at the office. I've > got it all working but only by manually inserting an ACCEPT rule in

Hi, I am trying to reach a Raspberry Pi on my physical LAN (192.168.10.132), via OpenVPN, from the internet. The Internet host is 154.77.x.x. This is also the OpenVPN router, 10.8.0.1. The Pi is on 10.8.0.203. I am trying to reach port 3000 from the internet. >From the CentOS 7 server, I can access the Pi over OpenVPN: root at ns1:[~]$ telnet 10.8.0.203 3000 Trying 10.8.0.203... Connected

On Thursday 21 of April 2016 2:37:49 PM Gordon Messmer wrote: > On 04/21/2016 01:33 PM, Marcin Trendota wrote: > > It's OpenVPN on chamber. > What port is it using? I don't see the standard port listed in your > firewalld rules in either zone. 1194/udp. I added service openvpn and port 1194/udp (just to be sure) to both zones - no change. [root at chamber openvpn]#

Hi, I got an existing solution with shorewall where I can differentiate tun10 from tun+ as different zone. For example: /etc/shorewall/zones A ipv4 B:A ipv4 /etc/shorewall/interfaces A tun+ B tun10 Now, I have a requirement to add tun11 to zone B. When I do this in interfaces config: A tun+ B tun10,tun11 It doesn''t like it (although it''s ok when performing

Via creative use of the instructions at http://shorewall.net/Multiple_Zones.html#id2497549. But can a zone (in shorewall/interfaces) reference multiple interfaces? I have two openvpn instances running on my server, one bridged (for upstream access to some client vpn''s so I don''t have to request the clients add new subnets to their routing tables) and one routed (for nailed

How do I insert the iptables rule below using firewalld? I'm moving up from CentOS 6 to 7 on an office gateway and I'm trying to get OpenVPN working to allow home workers to access PCs at the office. I've got it all working but only by manually inserting an ACCEPT rule in the FORWARD iptables chain: iptables -I FORWARD 3 -i tun+ -j ACCEPT This rule was extracted from my iptables

Hello! I''ve the following set-up RemoteClient1 (Win Vista), RemoteClient2 (Win XP) do both connect to my OpenVPN box. They can talk to each other, using their 172.16.1.x tun0 Address on the server. The server itself (Ubuntu gutsy, OpenVPN: 2.0.9-8, shorewall:3.4.4-1) has 1 NIC that connects the machine to a) a DSL-router (forwards several ports to this linux machine, including the

Hi, We''re using openvpn on our firewall box to contact several networks. The idea is to use it for approx 10-15 vpn''s.. But.. Do we have to define a tunX device and an interface + zone for ''each'' VPN connection? It seems to me yes, but .. Doesn''t that make the interfaces/zones file a little bit complex or overpopulated? Just wondering because in my

Hi List, I am running into a problem where I have 2 interfaces bridged with and ip address assigned. I have another interface in which traffic has ingress traffic that needs to go out the bridged interface. I am trying unsuccessfully to SNAT the traffic leaving the bridge interface to its assigned address. # brctl show xbrdg0 bridge name bridge id STP enabled interfaces

On Thursday 21 of April 2016 9:08:09 AM Gordon Messmer wrote: > On 04/21/2016 03:11 AM, Marcin Trendota wrote: > > But from host in another location (connected through VPN): > What host serves the VPN? If it's another host, how is that host > connected to the router? If it's "chamber," what type of VPN is it? It's OpenVPN on chamber. I've just noticed

My root account keeps getting locked out automatically. I am running Samba 3.0.25b on a CentOS server, as PDC with LDAP backend. I have accounts set to lock after 8 un-successful login attempts. I zeroed out the bad password count, and then in less than a few seconds the account gets locked again and a /pdbedit -Lv -u root /yields the following: Unix username: root Logon time:

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=552 ------- Additional Comments From cbettero@ciditech.it 2007-03-04 21:48 MET ------- This problem prevents AJAX web sites to be hosted on the internal web server, because many packets will be dropped instead of passing into PREROUTING chain... -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email

hey friends, I have installed OpenVPN 2.0.7 (i386-redhat-linux-gnu [SSL] [LZO] [EPOLL] built on Apr 29 2006) on Centos4.0 through rpm (diag repository). The network scenario of my office is below Remote Client ----> Internet <-------> Cisco Pix Firewall (Gateway) <----> VPN Server & LAN Clients

Hi, I was reading document http://shorewall.net/MultiISP.html#idp3634200. Inspired by the document I was trying to establish the following changes: * one additional interface: COMA_IF * COM[A,B,C]_IF interfaces request IP address via DHCP * all non-RFC 1918 destined trafic is NATed from INT_IF to COMA_IF * all non-RFC 1918 destined trafic from GW is routed via COMB_IF by default * non-RFC 1918

Hi folks, I have the two firewalls (Slackware current) in differnt cities connected via OpenVPN. I can ping the network behind server firewall from client firewall server. But how to route/iptable network traffic from the network behind client firewall to see the netwrok behind server firewall? Thank you Remus

Hi, I don''t know any other group of routing gurus like the members of this list, so may be you can give me some hints. I do have a shorewall firewall up and running, openvpn is installed on this server too and is working fine so far except one new situation: I have set up a new local vlan, which I can access from my other local vlans, but not from the opnevpn-vlan. All "old"

On 04/21/2016 01:33 PM, Marcin Trendota wrote: > It's OpenVPN on chamber. What port is it using? I don't see the standard port listed in your firewalld rules in either zone. Also, you probably should specify tun+ instead of tun0, even if you think there will only be one tunnel up at any given time.