Displaying 20 results from an estimated 5000 matches similar to: "FTP DNAT not working - "Server sent passive reply with unroutable address""
2007 Dec 18
11
Shields-Up Scan of Shorewall Firewall
Guys,
After i got the port forwarding and everything else
working as per my previous post, i ran a shields-up
scan from grc.com on the firewall, i.e. a scan of the
external interface.
I m a little suprised at the results. On the firewall
i have postfix running ( smtp port 26 ), openssh ( ssh
port 22) and port forwarding of port 85 (on the
firewall ) to an internal host.
The Shields-Up scan
2008 Jan 10
5
Want to log all ISP traffic to ULOG
I want to use fprobe-ulog (http://fprobe.sourceforge.net/) to generate
NetFlow information about traffic going through my router. The question
is how to get the logging rules added to the appropriate chains (I''m
assuming eth2_in and eth2_out in my case)? I''m using the perl version
of shorewall 4.0.6.
--
Orion Poplawski
Technical Manager 303-415-9701
2008 Mar 26
8
Hub/Spoke OpenVPN can't communicate from Client A to Client B - FORWARD:REJECT:IN=tun0 OUT=tun0
Hi, I am running OpenVPN where i have one central hub VPN server, and multiple spoke VPN clients. I can ping from each client to the server and each client to computers on the subnet which the server resides (192.168.2.0/24) so it works ok there. I cannot however, ping from one client to another client. I guess the packet path would go:
clienta -> vpn -> shorewall/router -> vpn ->
2007 Dec 14
6
kernel panic with shorewall
I have an old Pentium II which I use as a gateway and firewall
for a home network. The external interface is a modem on ppp and the
internal interface is ethernet. I have had this setup running
successfully for many years starting with the early 2.x series
Shorewall.
My ISP recently changed my dial-up ''phone number and presumably also
the system at the other end of my modem (they
2008 Jan 08
8
Shorewall and LVS-NAT (via fwmark) nat'd machines can't access the outside world directly
Hi guys,
I''m not sure where to post for help on this one, shorewall or lvs, I''ll
start with shorewall (only cause Tom is a gun at this stuff, and is polite
enough to tell me to bugger off to the LVS list if I''m posting in the wrong
one ;)
I have a single box that is my router/firewall/LVS.
Internet -- eth0 - router/firewall - eth1 --- internal lan
|
eth2
2007 Dec 14
2
Dual ISP
Attempting to setup a dual ISP on a gentoo box but I''m not sure how to
configure the routing in the /etc/conf.d/net configuration file. Does
shorewall do all the routing or do I set just the default route to the
PRIMARY outbound ISP?
Vernon
-------------------------------------------------------------------------
SF.Net email is sponsored by:
Check out the new SourceForge.net
2007 Dec 14
1
route_rules redirection not working
hi,
I am running shorewall 3.2.9 on Mandriva2007 with 2 ISPs. Certain
local IPs are directed to a specific ISP in route_rules, and this was
working perfectly. I had to reinstall Mandriva, and after that this
redirection is not working. My files are:
masq:
eth1 192.168.10.3 202.71.146.210
eth2 202.71.146.210 192.168.10.3
eth1 eth0 202.71.146.210
eth2 eth0 192.168.10.3
interfaces:
2008 Mar 28
1
Re: rfc1918
>> Only one remark. Information about 'init' file i found only in
>> releasenotes.txt for 4.1.6 (for setting up 'ifb' module) and i found
>> 'initdone' file in Shorewall config directory and without manfile also.
>> For me not very clearly as it use.
>
> http://www.shorewall.net/shorewall_extension_scripts.htm
On this page i found a
2007 Mar 09
2
Mark on FTP passive traffic
Hi,
I use for a customer a Linux router/firewall with 1 internal interface
connected to the LAN and 3 external interfaces connected to 3 different
ISP. I use a kernel 2.6.17 with a routes patch from Julian Anastasov.
I mark outgoing FTP traffic for the routing.
With the rules below I do not have a problem with the active/normal FTP
to connect on FTP server.
But the passive FTP does not pass
2009 Jan 06
9
Test
Given that a 4-day silence on this list is almost unprecedented, thought
I had better send a test post. Apologies for the spam.
------------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It is the best place to buy or sell services for
just about anything Open Source.
http://p.sf.net/sfu/Xq1LFB
2007 Oct 05
3
DNAT rule for vsftp --(PASSIVE FTP)
Hi all,
I want to run vsftp behind a firewall.(i.e DMZ zone) . It is runnig as
passive ftp.
the theroy behind passive ftp is ,
- FTP server's port 21 from anywhere ( Client initiates connection)
- FTP server's port 21 to ports > 1024 (Server responds to client's
control port)
- FTP server's ports > 1024 from anywhere (Client initiates data
connection to
2006 Sep 17
0
Weird DNAT + passive FTP bug
Hello,
I''m observing a weird bug with ip_nat_ftp in a somewhat more complicated
constellation. It''s possible that XEN is also involved in this, but I''m
not sure.
What I''m trying to do is have XEN guest domains on a host, connected via
a bridge into a private network. The the privileged domain attaches to
this private network and acts as a NAT router to connect
2008 Jan 17
7
Netfilter, libpcap, ntop and promiscuous mode?
I have a really basic question (I think). We have two boxes connected
to a lan segment on a hub. One is a Windows box running "Show Traffic",
the other is a CentOS 5 Linux box running "ntop". Both boxes should be
able to sniff all of the traffic on that hub (not a switch).
The Windows box does just fine, Show Traffic is able to display traffic
destined for other boxes
2007 Oct 05
3
DNAT rule for vsftp (PASSIVE FTP)
Hi all,
I want to run vsftp behind a firewall.(i.e DMZ zone) . It is runnig as
passive ftp.
the theroy behind passive ftp is ,
- FTP server''s port 21 from anywhere (Client initiates connection)
- FTP server''s port 21 to ports > 1024 (Server responds to client''s
control port)
- FTP server''s ports > 1024 from anywhere (Client initiates data
2007 Oct 05
0
[Fwd: Re: DNAT rule for vsftp (PASSIVE FTP)]
Grant Taylor wrote:
> I''ll have to double check some things to make sure that you don''t need
> to do any thing special other than just allow the initial connection and
> rely on the FTP connection tracking helper to handle all other connections.
>
> I''ve never run an FTP server behind a NAT, but I''ve never had a problem
> with the FTP
2007 Oct 05
0
[Fwd: Re: DNAT rule for vsftp (PASSIVE FTP)]
-------- Original Message --------
Subject: Re: [LARTC] DNAT rule for vsftp (PASSIVE FTP)
Date: Fri, 05 Oct 2007 12:17:42 +0530
From: Mohan Sundaram <smohan@vsnl.com>
Reply-To: smohan@vsnl.com
To: Indunil Jayasooriya <indunil75@gmail.com>
References: <7ed6b0aa0710042251u6442fb85ma74e46aa9d3f81f9@mail.gmail.com>
Indunil Jayasooriya wrote:
> Hi all,
>
> I want to run
2008 Oct 01
2
DNAT Issue
Hi.
Im setting up a web farm test lab. I have a number of machines in the
test last on a dmz zone on network 10.20.30.0.
The test lab firewall has two NICS. One (eth0) has two ip addresses,
eth0 10.161.101.40 and eth0:0 10.161.10.49. The other one, eth1 is
on a private network, 10.20.30.0.
I want to use DNAT to allow test engineers to ssh into the machines in
the web farm. I have
2008 Mar 31
2
IFB & ESFQ
Hello Tom,
Sorry, please but i again return to IFB question. If i correct
understand
in current situation IFB haven't profit from ESFQ in common cases (i mean
internal networks masquarading) so as we wait from ESFQ allocates bandwidth
fairly per source IP(internal) but IFB don't know internal IPs.
If i correct, what do you think what can help IFB to solve its main
disadvantage
2008 Apr 04
1
GRE Tunnel problems
Hello,
I am doing some tests in my local network to test a GRE tunnel
configuration. I can established a tunnel but if I stop send packets
trough the tunnel , the tunnel goes down. I need to make ping from one
side of the tunnel to the another side to wake up the tunnel.
What could be my problem ?? Could be the VirtualBox ??
Thank you!
2013 Nov 05
8
Forwarding external traffic to another external server?
I''m trying to use my VPS server (single interface of course) as
somewhat of a VPN gateway to my other location (which is not
accessible directly from some places) where the openvpn server is
running, and am kind of lost as to what to try next.
I tried a redirect rule, but apparently shorewall didn''t like that (it
just failed to start).
I tried adding the rules via