similar to: FTP DNAT not working - "Server sent passive reply with unroutable address"

Displaying 20 results from an estimated 5000 matches similar to: "FTP DNAT not working - "Server sent passive reply with unroutable address""

2007 Dec 18
11
Shields-Up Scan of Shorewall Firewall
Guys, After I got the port forwarding and everything else working as per my previous post, I ran a shields-up scan from grc.com on the firewall, i.e. a scan of the external interface. I'm a little surprised at the results. On the firewall I have postfix running (smtp port 26), openssh (ssh port 22) and port forwarding of port 85 (on the firewall) to an internal host. The Shields-Up scan
2008 Jan 10
5
Want to log all ISP traffic to ULOG
I want to use fprobe-ulog (http://fprobe.sourceforge.net/) to generate NetFlow information about traffic going through my router. The question is how to get the logging rules added to the appropriate chains (I'm assuming eth2_in and eth2_out in my case)? I'm using the perl version of shorewall 4.0.6. -- Orion Poplawski Technical Manager 303-415-9701
2008 Mar 26
8
Hub/Spoke OpenVPN can't communicate from Client A to Client B - FORWARD:REJECT:IN=tun0 OUT=tun0
Hi, I am running OpenVPN where I have one central hub VPN server, and multiple spoke VPN clients. I can ping from each client to the server and each client to computers on the subnet which the server resides (192.168.2.0/24) so it works ok there. I cannot however, ping from one client to another client. I guess the packet path would go: clienta -> vpn -> shorewall/router -> vpn ->
2007 Dec 14
6
kernel panic with shorewall
I have an old Pentium II which I use as a gateway and firewall for a home network. The external interface is a modem on ppp and the internal interface is ethernet. I have had this setup running successfully for many years starting with the early 2.x series Shorewall. My ISP recently changed my dial-up 'phone number and presumably also the system at the other end of my modem (they
2008 Jan 08
8
Shorewall and LVS-NAT (via fwmark) nat'd machines can't access the outside world directly
Hi guys, I'm not sure where to post for help on this one, shorewall or lvs, I'll start with shorewall (only cause Tom is a gun at this stuff, and is polite enough to tell me to bugger off to the LVS list if I'm posting in the wrong one ;) I have a single box that is my router/firewall/LVS. Internet -- eth0 - router/firewall - eth1 --- internal lan | eth2
2007 Dec 14
2
Dual ISP
Attempting to set up a dual ISP on a gentoo box but I'm not sure how to configure the routing in the /etc/conf.d/net configuration file. Does shorewall do all the routing or do I set just the default route to the PRIMARY outbound ISP? Vernon
2007 Dec 14
1
route_rules redirection not working
hi, I am running shorewall 3.2.9 on Mandriva2007 with 2 ISPs. Certain local IPs are directed to a specific ISP in route_rules, and this was working perfectly. I had to reinstall Mandriva, and after that this redirection is not working. My files are: masq: eth1 192.168.10.3 202.71.146.210 eth2 202.71.146.210 192.168.10.3 eth1 eth0 202.71.146.210 eth2 eth0 192.168.10.3 interfaces:
2008 Mar 28
1
Re: rfc1918
>> Only one remark. Information about 'init' file i found only in >> releasenotes.txt for 4.1.6 (for setting up 'ifb' module) and i found >> 'initdone' file in Shorewall config directory and without manfile also. >> For me not very clearly as it use. > > http://www.shorewall.net/shorewall_extension_scripts.htm On this page i found a
2007 Mar 09
2
Mark on FTP passive traffic
Hi, I use for a customer a Linux router/firewall with 1 internal interface connected to the LAN and 3 external interfaces connected to 3 different ISPs. I use a kernel 2.6.17 with a routes patch from Julian Anastasov. I mark outgoing FTP traffic for the routing. With the rules below I do not have a problem with the active/normal FTP to connect on FTP server. But the passive FTP does not pass
2009 Jan 06
9
Test
Given that a 4-day silence on this list is almost unprecedented, thought I had better send a test post. Apologies for the spam.
2007 Oct 05
3
DNAT rule for vsftp --(PASSIVE FTP)
Hi all, I want to run vsftp behind a firewall (i.e. DMZ zone). It is running as passive ftp. The theory behind passive ftp is: - FTP server's port 21 from anywhere (Client initiates connection) - FTP server's port 21 to ports > 1024 (Server responds to client's control port) - FTP server's ports > 1024 from anywhere (Client initiates data connection to
2006 Sep 17
0
Weird DNAT + passive FTP bug
Hello, I'm observing a weird bug with ip_nat_ftp in a somewhat more complicated constellation. It's possible that XEN is also involved in this, but I'm not sure. What I'm trying to do is have XEN guest domains on a host, connected via a bridge into a private network. The privileged domain attaches to this private network and acts as a NAT router to connect
2008 Jan 17
7
Netfilter, libpcap, ntop and promiscuous mode?
I have a really basic question (I think). We have two boxes connected to a lan segment on a hub. One is a Windows box running "Show Traffic", the other is a CentOS 5 Linux box running "ntop". Both boxes should be able to sniff all of the traffic on that hub (not a switch). The Windows box does just fine, Show Traffic is able to display traffic destined for other boxes
2007 Oct 05
3
DNAT rule for vsftp (PASSIVE FTP)
Hi all, I want to run vsftp behind a firewall (i.e. DMZ zone). It is running as passive ftp. The theory behind passive ftp is: - FTP server's port 21 from anywhere (Client initiates connection) - FTP server's port 21 to ports > 1024 (Server responds to client's control port) - FTP server's ports > 1024 from anywhere (Client initiates data
2007 Oct 05
0
[Fwd: Re: DNAT rule for vsftp (PASSIVE FTP)]
Grant Taylor wrote: > I'll have to double check some things to make sure that you don't need > to do any thing special other than just allow the initial connection and > rely on the FTP connection tracking helper to handle all other connections. > > I've never run an FTP server behind a NAT, but I've never had a problem > with the FTP
2007 Oct 05
0
[Fwd: Re: DNAT rule for vsftp (PASSIVE FTP)]
-------- Original Message -------- Subject: Re: [LARTC] DNAT rule for vsftp (PASSIVE FTP) Date: Fri, 05 Oct 2007 12:17:42 +0530 From: Mohan Sundaram <smohan@vsnl.com> Reply-To: smohan@vsnl.com To: Indunil Jayasooriya <indunil75@gmail.com> References: <7ed6b0aa0710042251u6442fb85ma74e46aa9d3f81f9@mail.gmail.com> Indunil Jayasooriya wrote: > Hi all, > > I want to run
2008 Oct 01
2
DNAT Issue
Hi. I'm setting up a web farm test lab. I have a number of machines in the test lab on a dmz zone on network 10.20.30.0. The test lab firewall has two NICs. One (eth0) has two ip addresses, eth0 10.161.101.40 and eth0:0 10.161.10.49. The other one, eth1 is on a private network, 10.20.30.0. I want to use DNAT to allow test engineers to ssh into the machines in the web farm. I have
2008 Mar 31
2
IFB & ESFQ
Hello Tom, Sorry, please but I again return to IFB question. If I correct understand in current situation IFB haven't profit from ESFQ in common cases (I mean internal networks masquerading) so as we wait from ESFQ allocates bandwidth fairly per source IP(internal) but IFB don't know internal IPs. If I correct, what do you think what can help IFB to solve its main disadvantage
2008 Apr 04
1
GRE Tunnel problems
Hello, I am doing some tests in my local network to test a GRE tunnel configuration. I can establish a tunnel, but if I stop sending packets through the tunnel, the tunnel goes down. I need to ping from one side of the tunnel to the other side to wake up the tunnel. What could be my problem? Could it be the VirtualBox? Thank you!
2013 Nov 05
8
Forwarding external traffic to another external server?
I'm trying to use my VPS server (single interface of course) as somewhat of a VPN gateway to my other location (which is not accessible directly from some places) where the openvpn server is running, and am kind of lost as to what to try next. I tried a redirect rule, but apparently shorewall didn't like that (it just failed to start). I tried adding the rules via