similar to: Can't get port forwarded from net to net

Firewall users, My apologies as I''m not on this list, so please respond directly as well as to the list. I did try to search the archives and didn''t find any hits, although the search did not like searching for terms with underscores in them (both clear_firewall and ip_forward). I was trying to understand why, when running shorewall stop, even though it echoes IP

Hello, I have a pretty standard two-interface setup with masquerading, so the local network can connect through the firewall to the Internet. On the firewall box (trevor), eth0 is connected to a cable modem and eth1 is connected to the local network via a crossed cable. There is one other machine on the local network (brian), whose eth0 is at the other end of the crossed cable. I used to have

Hi all, This is your standard "I can''t *see* the internet" problem, except I think I''ve exhausted all the standard solutions. The only thing different is that my house experienced a power outage and now (after the FW rebooted) local machines can''t "see" out. I''ve got a 2-interface setup, using Shorewall 2.0.15 (installed via Debian).

Hi, i have one firewall/gateway server with two interfaces and a routing problem (?). eth0: external interface eth1: internal interface. Both ip address are valid. Services like DNS, HTTP is configured to run using eth1 ip address. The problem is when i try to connect from internet to firewall, i can´t see eth1 ip address... only eth0 ip address. So, when i try to connect to web

Hi, Sorry, not an experienced shorewall user, this is my first basic setup. This starts to drive me crazy. I wanted to use DNAT to forward port 33890 to an internal machine (windows) port 3389. To reach my workstation when I''m not home. In my rules : DNAT:debug net loc:192.168.0.11:3389 tcp 33890 - pub.lic.ip.add #SECTION BLACKLIST #well known port scans DROP net

When installing Mandrake 9.0 with the higher security option you cannot ping any of it interfaces, localhost (127.0.0.1) included. All other connections to the system are fine, e.g. ssh, www, squid, etc. "shorewall clear" doesn''t help. Does anyone know how to turn this off for at least localhost and eth1?? Yours truly, Ben

Sorry for the frantic nature of this message, but we need to allow pings on our firewall so our ISP can test things. I''ve done this, and it still doesn''t work: (I am now at v.2.0.10) rules: AllowPing net fw AllowPing sls fw show indicates some matches, so where are they? Chain AllowPing (4 references) pkts bytes target prot opt in out source

Yesterday I took two machines (both running Xen) down. When I booted them back up I had a whole mess of problems. First (which I finally got solved), is that the domains were saved, but the saved state got corrupted. This caused the machines to go into a continuous cycle of reboots. Second, I found out that I cannot shutdown or reboot my machines. I have not run into this problem other then

I am using the "tha" Xen packages from http://packages.debianbase.de/sarge/amd64/xen3/ However, I noticed that some new packages have been uploaded into the NEW queue. What I am wondering is if/when/where the Sarge packages will be made available. If there is no current plan to make them available, I would be happy to help in any way that I can. -Roberto -- Roberto C. Sanchez

Is there a way to add a rule to the nat table (CentOS 5.7) that would alter the port number of tcp packets destined for the server itself? I have ip_forwarding enabled, but the packets don't seem to hit the prerouting chain. I have the following redirect rule in the prerouting table. I also tried DNAT, but if the packets don't hit PREROUTING, it won't work either. iptables -t nat

Anyone tried the digium TC400B transcoding card? What are your opinions? Thnx

Hey all, I'm trying to swap to CentOS and I have just about everything working except ip_forwarding. I have FORWARD_IPV4="yes" in my /etc/sysconfig/network file but /proc/sys/net/ipv4/ip_forward does not = 1 (also tried to set it to ="true" and just =true). All the firewall (iptable) rules are in place. Why won't ip_forward stay enabled? I'm using the latest DL

I''m trying to use my VPS server (single interface of course) as somewhat of a VPN gateway to my other location (which is not accessible directly from some places) where the openvpn server is running, and am kind of lost as to what to try next. I tried a redirect rule, but apparently shorewall didn''t like that (it just failed to start). I tried adding the rules via

Hello, I have set up a build machine for Xen. Currently it builds the version checked out from Subversion with the latest testing version from Xen repository for Sarge every night. deb http://naquadah.org/~jd/debian/xen stable main I plan to upload real and official backports to backports.org as soon as we will upload a version to sid. Any comment welcome, Cheers, -- Julien Danjou

Dear all, I?m testing a server and try to simulate a server in production. We have a SSL certificate and I have configured the test server with the same servername as it is in production. To access it, I change the hosts file in my laptop to reach the test server. However, the Java application running in the server tries to access some local web content. I have changed the hosts file

Sorry, I guess I haven''t looked passed "Otherwise". All the exact output in the attached file. Ping to the same address from firewall works perfectly A added a few unnecessary ACCEPTs to the 2-zone setup etc after I could not get the ping through the first time Cheers Alex

I am running Redhat 6.1 as a firewall between a cable modem and my home network. Occasionally, I see messages such as these under /var/log/messages: Jan 17 13:38:16 saturn5 portmap[3726]: connect from 24.28.77.200 to dump(): request from unauthorized host Jan 18 14:00:34 saturn5 portmap[1544]: connect from 204.151.148.146 to dump(): request from unauthorized host My assumption is that the

I need to allow the company operator to decide whether to record a call. (Car dealership that needs to coach salespeople). They don't want to record every sales call, just for the purposes of coaching certain employees on an ad hoc basis. The situation is: a. Call comes in on PSTN PRI b. Call is routed to operator in dialplan c. Operator ascertains that its a sales call for a salesman in

Hi all, I have built a test version of the glibc with a xen flavour. It is available on http://people.debian.org/~aurel32/xen/ . The only difference with the version currently in sid is the presence of the libc6-xen package. If you are using xen, please test it and tell me if it fixes speed problems. If everything is ok, I will commit it into our SVN. Bye, Aurelien -- .''`.

Hi I have a problem with Shorewall on my two-interface connection. I run Debian unstable. The setup looks like this: Internet -------- router ------- server 213.237.12.137 192.168.1.3 192.168.1.2 192.168.0.7 --- local net 192.168.0.{...} I can ping the server from the local net, and the local net from the