similar to: Cannot use SSH from dmz to lan

Greetings; My syslog is getting 100s of thousands of messages like the following (these are just a sample); (BTW I am running Debian/lenny) > May 11 12:41:31 gatekeeper kernel: BANDWIDTH_IN:IN=eth1 OUT=eth0 SRC=192.168.0.4 DST=64.15.118.171 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=37901 DF PROTO=TCP SPT=1307 DPT=80 WINDOW=17640 RES=0x00 ACK URGP=0 > May 11 12:41:31 gatekeeper kernel:

. "Saluton", Sorry by my poor english, I speak Portuguese. I does a captive portal using: - shorewall - dhcpd - thttpd (in port 8080) - maradns With Shorewall I use dinamic zones. The initial zone in shorewall is configured to redirects access to internal thttpd port 8080, that shows a login.cgi page. With thttpd I rewrite original url. The apache rewrite is very cool, but thttpd

I have tried to follow the HOWTO''s as best I could to add some traffic shaping to my existing shorewall firewall/router. What I am trying to achieve Top priority to all voip traffic, regardless of sip, iax2 etc. Higher priority for interactive traffic - ssh, http General queue for everything else, but A low priority queue for any ipp2p traffic What I have achieved..... Almost

Hi, 1. We have 20+ VLANs behind shorewall firewall. We would like to distribute the Internet bandwidth to different VLANs having minimumm, typical and maximum values based on IP ranges after NAT e.g., 172.17.4.0/24. What rules need to be created to do so? 2. We also would like to time the access of internet of some of the VLANs, i.e., 172.17.4.0/24 should be allowed to access the internet only

Hello Tom, Sorry, please but i again return to IFB question. If i correct understand in current situation IFB haven't profit from ESFQ in common cases (i mean internal networks masquarading) so as we wait from ESFQ allocates bandwidth fairly per source IP(internal) but IFB don't know internal IPs. If i correct, what do you think what can help IFB to solve its main disadvantage

While not strictly on topic I think this could be an interesting opportunity for the Asterisk development community. As some of you might already know JavaOne will be happening in San Francisco in 2 weeks time http://java.sun.com/javaone/sf/ I wanted to draw your attention to an interesting company that will be exhibiting there called www.Savaje.com <http://www.savaje.com/> more

Hello, I am doing some tests in my local network to test a GRE tunnel configuration. I can established a tunnel but if I stop send packets trough the tunnel , the tunnel goes down. I need to make ping from one side of the tunnel to the another side to wake up the tunnel. What could be my problem ?? Could be the VirtualBox ?? Thank you!

Hi for all ... I just read all doc about ip alias in Shorewall . If I am right, I can not use ip alias with masq, it is right ? What I am trying to do is create an ip alias in my internal network interface and use it for tests purpose ( specifically for getting familiar with multi ISP shorewall config ) The actual system is working fine with the ip 192.168.1.1 in eth1, eth0 is my dsl provider .

I''m trying to enable tftp traffic initiated from our dmz network to our internal network. I have: TFTP(ACCEPT) dmz loc:10.10.10.1 in /etc/shorewall/rules, and: oadmodule nf_conntrack_tftp in /etc/shorewall/modules. The module is loaded and I do see some entries come and go, e.g.: udp 17 10 src=4.28.99.164 dst=10.10.10.1 sport=2071 dport=69 [UNREPLIED]

Hello, I have this problem: when my mail server on the DMZ starts a connection to the internet it''s ip (213.58.230.26) is "masqueraded" with the firewall ip (213.58.230.50). I wouldn''t mind but there is a one customer who rejects the connection because it makes reverse dns and finds no dns entry for the firewall ip. How can i correct this? Thanks, MSantos shorewall

Hi I have a routing problem with the OpenVPN service running directly on the firewall itself. I have two DSL connections, one with a static IP (and my default route), the other with a dynamic IP. The first is called ISBD in the configs, the second is called SAIX. Connecting to the OpenVPN via ISBD works well, the packets route perfectly. Connecting via SAIX does not. In the attached status.txt,

Hello all, I''ve read the shorewall guides and browsed through the mailing lists, but I haven''t been able to find out if the following is possible or not using shorewall. Our provider has given us 16 IPs + 4 in a separate range for our uplink. I would like to replace that router with a Linux box running shorewall with three interfaces. I want the DMZ to be a standard, routed

Hi, I''ve read that Dr. Dobbs Journal''s last issue has a cover article about Rails titled "Ruby On Rails - Java''s Successor?". Can''t find anything about it in http://www.ddj.com Does someone have the paper edition and can confirm that, and tell how the article looks like, and so on. Thanks, -- Jean-Fran?ois. -- ? la renverse.

Hello All, I have a question about setting up the shorewall firewall for squid, I followed the instructions on "Using Shorewall with Squid" --> "Squid Running in the DMZ" section. For some reason I am unable to get the program to work. I am able to have the squid work properly by using squidclient program, but once I setup the firewall to use the redirect I am unable to

I am working on an audio jukebox and would like to read the length of a song (minutes:seconds) from a perl script. Is there a way to do that? I don't see anything in the docs for flac or metaflac. Thanks, -- Kevin Seghetti: E-Mail: kts@tenetti.org, HTTP: www.tenetti.org GPG public key: http://tenetti.org/phpwiki/index.php/KevinSeghettiGPGKey Check out www.worldfoundry.org for my GPL'ed

In a previous thread, Tom listed advantages (reproduced below) of Proxy ARP over NAT. They are great reasons, but I have one reservation. By using private addresses with NAT for servers in my DMZ, I can granularly allow specific traffic, such as to/from the SMTP gateway/relay in the DMZ, to connect inbound from the DMZ to an internal (LOC) mail server, and know that it comes only from a

Has anyone attempted to run Rails inside of JRuby? Is that even possible? Aside from the performance implications, is it a bad idea? I''m thinking that it might be useful in very rare cases where a Ruby/Rails - equivalent of a Java solution may not exist yet. Any thoughts? Wes -- Posted via http://www.ruby-forum.com/.

I apologize for the first message. :) --------------------------------------- I have an FTP server running in the DMZ section of my home network. It uses port 23000 for connection and ports 19990 to 19994 for data transfer. I have setup the following rule for outside people to connect to it: DNAT net dmz:192.168.2.2 tcp 23000 I''m at work right now and I can''t use

Hi, I have a big "name problem" with my internal mail server (10.0.0.152). It is "seen" on the internet through DNAT (213.58.230.27). Also there is a MX record pointing to the machine. Everything works fine from the outside. However i can''t set the mail clients on the lan pointing to the mx record, because this one points to 213.58.230.27 and the firewall

What am I missing? [Download dvm.zip from https://solaris10-dtrace-vm-agents.dev.java.net/] [root at load0 /]$ mkdir /opt/dvm;cd /opt/dvm root at load0 dvm]$ unzip /home/jbuckley/dvm.zip [jbuckley at load0 ~]$ more /etc/release Solaris Nevada snv_45 SPARC Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Use is subject to