Displaying 20 results from an estimated 300 matches similar to: "Cannot use SSH from dmz to lan"
2008 May 11
13
Message flooding of syslog
Greetings;
My syslog is getting 100s of thousands of messages like
the following (these are just a sample); (BTW I am
running Debian/lenny)
> May 11 12:41:31 gatekeeper kernel: BANDWIDTH_IN:IN=eth1 OUT=eth0 SRC=192.168.0.4 DST=64.15.118.171 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=37901 DF PROTO=TCP SPT=1307 DPT=80 WINDOW=17640 RES=0x00 ACK URGP=0
> May 11 12:41:31 gatekeeper kernel:
2008 Apr 09
2
Captive Portal with Shorewall
.
"Saluton",
Sorry by my poor english, I speak Portuguese.
I does a captive portal using:
- shorewall
- dhcpd
- thttpd (in port 8080)
- maradns
With Shorewall I use dinamic zones.
The initial zone in shorewall is
configured to redirects access to
internal thttpd port 8080, that
shows a login.cgi page.
With thttpd I rewrite original url.
The apache rewrite is very cool, but
thttpd
2008 Apr 21
1
Traffic Shaping
I have tried to follow the HOWTO''s as best I could to add some traffic
shaping to my existing shorewall firewall/router.
What I am trying to achieve
Top priority to all voip traffic, regardless of sip, iax2 etc.
Higher priority for interactive traffic - ssh, http
General queue for everything else, but
A low priority queue for any ipp2p traffic
What I have achieved.....
Almost
2008 Apr 14
1
Per VLAN Bandwidth allocation by Shorewall
Hi,
1. We have 20+ VLANs behind shorewall firewall. We would like to distribute
the Internet bandwidth to different VLANs having minimumm, typical and
maximum values based on IP ranges after NAT e.g., 172.17.4.0/24. What rules
need to be created to do so?
2. We also would like to time the access of internet of some of the VLANs,
i.e., 172.17.4.0/24 should be allowed to access the internet only
2008 Mar 31
2
IFB & ESFQ
Hello Tom,
Sorry, please but i again return to IFB question. If i correct
understand
in current situation IFB haven't profit from ESFQ in common cases (i mean
internal networks masquarading) so as we wait from ESFQ allocates bandwidth
fairly per source IP(internal) but IFB don't know internal IPs.
If i correct, what do you think what can help IFB to solve its main
disadvantage
2006 May 06
3
www.SavaJe.com
While not strictly on topic I think this could be an interesting
opportunity for the Asterisk development community.
As some of you might already know JavaOne will be happening in San
Francisco in 2 weeks time http://java.sun.com/javaone/sf/
I wanted to draw your attention to an interesting company that will be
exhibiting there called www.Savaje.com <http://www.savaje.com/> more
2008 Apr 04
1
GRE Tunnel problems
Hello,
I am doing some tests in my local network to test a GRE tunnel
configuration. I can established a tunnel but if I stop send packets
trough the tunnel , the tunnel goes down. I need to make ping from one
side of the tunnel to the another side to wake up the tunnel.
What could be my problem ?? Could be the VirtualBox ??
Thank you!
2009 Apr 16
2
ip alias and masq
Hi for all ...
I just read all doc about ip alias in Shorewall .
If I am right, I can not use ip alias with masq, it is right ?
What I am trying to do is create an ip alias in my internal network
interface and use it for tests purpose ( specifically for getting familiar
with multi ISP shorewall config )
The actual system is working fine with the ip 192.168.1.1 in eth1, eth0 is
my dsl provider .
2012 Oct 16
1
Trouble with tftp
I''m trying to enable tftp traffic initiated from our dmz network to our
internal network. I have:
TFTP(ACCEPT) dmz loc:10.10.10.1
in /etc/shorewall/rules, and:
oadmodule nf_conntrack_tftp
in /etc/shorewall/modules.
The module is loaded and I do see some entries come and go, e.g.:
udp 17 10 src=4.28.99.164 dst=10.10.10.1 sport=2071 dport=69 [UNREPLIED]
2005 Feb 28
1
Mail server on DMZ
Hello,
I have this problem: when my mail server on the DMZ starts a connection to
the internet it''s ip (213.58.230.26) is "masqueraded" with the firewall ip
(213.58.230.50). I wouldn''t mind but there is a one customer who rejects the
connection because it makes reverse dns and finds no dns entry for the
firewall ip.
How can i correct this?
Thanks,
MSantos
shorewall
2009 Apr 23
2
Address rewriting issue
Hi
I have a routing problem with the OpenVPN service running directly on
the firewall itself. I have two DSL connections, one with a static IP
(and my default route), the other with a dynamic IP. The first is
called ISBD in the configs, the second is called SAIX.
Connecting to the OpenVPN via ISBD works well, the packets route
perfectly. Connecting via SAIX does not. In the attached status.txt,
2005 Jun 16
5
Setting up a routed DMZ
Hello all,
I''ve read the shorewall guides and browsed through the mailing
lists, but I haven''t been able to find out if the following is possible
or not using shorewall.
Our provider has given us 16 IPs + 4 in a separate range for our uplink.
I would like to replace that router with a Linux box running shorewall
with three interfaces. I want the DMZ to be a standard, routed
2006 May 11
7
Rails in Dr. Dobbs Journal ?
Hi,
I''ve read that Dr. Dobbs Journal''s last issue has a cover article about
Rails titled "Ruby On Rails - Java''s Successor?". Can''t find anything
about it in http://www.ddj.com
Does someone have the paper edition and can confirm that, and tell
how the article looks like, and so on.
Thanks,
-- Jean-Fran?ois.
--
? la renverse.
2005 Jan 11
1
Squid and DMZ (ProxyARP)
Hello All,
I have a question about setting up the shorewall firewall for squid, I
followed the instructions on "Using Shorewall with Squid" --> "Squid Running
in the DMZ" section. For some reason I am unable to get the program to work.
I am able to have the squid work properly by using squidclient program, but
once I setup the firewall to use the redirect I am unable to
2004 Sep 10
2
[Flac-users] is there a way to read the length of a song from the command line?
I am working on an audio jukebox and would like to read the length of a
song (minutes:seconds) from a perl script. Is there a way to do that? I
don't see anything in the docs for flac or metaflac.
Thanks,
--
Kevin Seghetti: E-Mail: kts@tenetti.org, HTTP: www.tenetti.org
GPG public key: http://tenetti.org/phpwiki/index.php/KevinSeghettiGPGKey
Check out www.worldfoundry.org for my GPL'ed
2002 Jun 07
4
Proxy ARP - Pros & Cons
In a previous thread, Tom listed advantages (reproduced below) of Proxy
ARP over NAT. They are great reasons, but I have one reservation. By
using private addresses with NAT for servers in my DMZ, I can granularly
allow specific traffic, such as to/from the SMTP gateway/relay in the
DMZ, to connect inbound from the DMZ to an internal (LOC) mail server,
and know that it comes only from a
2006 Mar 21
7
Rails and JRuby
Has anyone attempted to run Rails inside of JRuby?
Is that even possible?
Aside from the performance implications, is it a bad idea?
I''m thinking that it might be useful in very rare cases where a
Ruby/Rails - equivalent of a Java solution may not exist yet.
Any thoughts?
Wes
--
Posted via http://www.ruby-forum.com/.
2003 Apr 15
8
repost (passive FTP server in DMZ and shorewall 1.4.2)
I apologize for the first message. :)
---------------------------------------
I have an FTP server running in the DMZ section of my home network. It uses port 23000 for connection and ports 19990 to 19994 for data transfer.
I have setup the following rule for outside people to connect to it:
DNAT net dmz:192.168.2.2 tcp 23000
I''m at work right now and I can''t use
2005 Mar 07
10
DNS Name problem with mail server on LAN
Hi,
I have a big "name problem" with my internal mail server (10.0.0.152).
It is "seen" on the internet through DNAT (213.58.230.27). Also there is a
MX record pointing to the machine. Everything works fine from the outside.
However i can''t set the mail clients on the lan pointing to the mx record,
because this one points to 213.58.230.27 and the firewall
2006 Oct 11
5
Where is djvmti Agent?
What am I missing?
[Download dvm.zip from https://solaris10-dtrace-vm-agents.dev.java.net/]
[root at load0 /]$ mkdir /opt/dvm;cd /opt/dvm
root at load0 dvm]$ unzip /home/jbuckley/dvm.zip
[jbuckley at load0 ~]$ more /etc/release
Solaris Nevada snv_45 SPARC
Copyright 2006 Sun Microsystems, Inc. All Rights Reserved.
Use is subject to