similar to: Multiple interfaces in a zone (not a standard case)

On Thursday 21 of April 2016 2:37:49 PM Gordon Messmer wrote: > On 04/21/2016 01:33 PM, Marcin Trendota wrote: > > It's OpenVPN on chamber. > What port is it using? I don't see the standard port listed in your > firewalld rules in either zone. 1194/udp. I added service openvpn and port 1194/udp (just to be sure) to both zones - no change. [root at chamber openvpn]#

Via creative use of the instructions at http://shorewall.net/Multiple_Zones.html#id2497549. But can a zone (in shorewall/interfaces) reference multiple interfaces? I have two openvpn instances running on my server, one bridged (for upstream access to some client vpn''s so I don''t have to request the clients add new subnets to their routing tables) and one routed (for nailed

How do I insert the iptables rule below using firewalld? I'm moving up from CentOS 6 to 7 on an office gateway and I'm trying to get OpenVPN working to allow home workers to access PCs at the office. I've got it all working but only by manually inserting an ACCEPT rule in the FORWARD iptables chain: iptables -I FORWARD 3 -i tun+ -j ACCEPT This rule was extracted from my iptables

Hi, We''re using openvpn on our firewall box to contact several networks. The idea is to use it for approx 10-15 vpn''s.. But.. Do we have to define a tunX device and an interface + zone for ''each'' VPN connection? It seems to me yes, but .. Doesn''t that make the interfaces/zones file a little bit complex or overpopulated? Just wondering because in my

On Thursday 21 of April 2016 9:08:09 AM Gordon Messmer wrote: > On 04/21/2016 03:11 AM, Marcin Trendota wrote: > > But from host in another location (connected through VPN): > What host serves the VPN? If it's another host, how is that host > connected to the router? If it's "chamber," what type of VPN is it? It's OpenVPN on chamber. I've just noticed

Hi List, I am running into a problem where I have 2 interfaces bridged with and ip address assigned. I have another interface in which traffic has ingress traffic that needs to go out the bridged interface. I am trying unsuccessfully to SNAT the traffic leaving the bridge interface to its assigned address. # brctl show xbrdg0 bridge name bridge id STP enabled interfaces

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=552 ------- Additional Comments From cbettero@ciditech.it 2007-03-04 21:48 MET ------- This problem prevents AJAX web sites to be hosted on the internal web server, because many packets will be dropped instead of passing into PREROUTING chain... -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email

Hi, I was reading document http://shorewall.net/MultiISP.html#idp3634200. Inspired by the document I was trying to establish the following changes: * one additional interface: COMA_IF * COM[A,B,C]_IF interfaces request IP address via DHCP * all non-RFC 1918 destined trafic is NATed from INT_IF to COMA_IF * all non-RFC 1918 destined trafic from GW is routed via COMB_IF by default * non-RFC 1918

Hi folks, I have the two firewalls (Slackware current) in differnt cities connected via OpenVPN. I can ping the network behind server firewall from client firewall server. But how to route/iptable network traffic from the network behind client firewall to see the netwrok behind server firewall? Thank you Remus

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi everybody, this is my first post here, i''ve just syubscribed and i woud like to ask a question. i''m running shorewall latest version with mrtg and rrdtool, with the perl shorewall-stats.pl for reporting. the problem is that the pearl gets the stats by the shorewall show command and it''s human readeable bytes form, so

My root account keeps getting locked out automatically. I am running Samba 3.0.25b on a CentOS server, as PDC with LDAP backend. I have accounts set to lock after 8 un-successful login attempts. I zeroed out the bad password count, and then in less than a few seconds the account gets locked again and a /pdbedit -Lv -u root /yields the following: Unix username: root Logon time:

Greetings, I installed a squid 3.1.10.i686 squid to a centos 6.2i686. The proxy is working fine with the default config. After I decided to use it as a transparent proxy, I added two lines to config: http_proxy 10.0.5.1:3128 transparent, always_direct allow all http_port 10.0.5.1:3128 transparent # # Recommended minimum configuration: # acl manager proto cache_object #acl localhost src

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=507 Summary: tun99 don't trapped by tun+ Product: netfilter/iptables Version: linux-2.6.x Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: ip_tables (kernel) AssignedTo: laforge@netfilter.org

On Fri, Dec 29, 2017 at 10:32 AM, Kenneth Porter <shiva at sewingwitch.com> wrote: > How do I insert the iptables rule below using firewalld? > > I'm moving up from CentOS 6 to 7 on an office gateway and I'm trying to > get OpenVPN working to allow home workers to access PCs at the office. I've > got it all working but only by manually inserting an ACCEPT rule in

hi, we use openvpn as for our vpn endpoints and we''ve got about 70-80 vpn connections which means we have tun0 - tun80 interface. i''d like to define one zone for all of our vpn connections how can I do that? actualy our local zone is 192.168.0.0/17 (not 16) and all of the vpn''s are in 192.168.128.0/17. our should i define somehow the local zone as 192.168.0.0/16? but in

Hi, [Summary] There seems to be a bug when using the "+" wildcard notation in the interfaces file, in that rules are not generated in the fwd chain to permit traffic going out an interface with a "+" in it. [Details] The interface entries: loc tun0 detect routeback,newnotsyn loc tun1 detect routeback,newnotsyn loc tun2

Hi, I am trying to reach a Raspberry Pi on my physical LAN (192.168.10.132), via OpenVPN, from the internet. The Internet host is 154.77.x.x. This is also the OpenVPN router, 10.8.0.1. The Pi is on 10.8.0.203. I am trying to reach port 3000 from the internet. >From the CentOS 7 server, I can access the Pi over OpenVPN: root at ns1:[~]$ telnet 10.8.0.203 3000 Trying 10.8.0.203... Connected

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=507 kaber@trash.net changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |INVALID ------- Additional Comments From kaber@trash.net 2006-08-29

Hi, I got an existing solution with shorewall where I can differentiate tun10 from tun+ as different zone. For example: /etc/shorewall/zones A ipv4 B:A ipv4 /etc/shorewall/interfaces A tun+ B tun10 Now, I have a requirement to add tun11 to zone B. When I do this in interfaces config: A tun+ B tun10,tun11 It doesn''t like it (although it''s ok when performing

Hello! I''ve the following set-up RemoteClient1 (Win Vista), RemoteClient2 (Win XP) do both connect to my OpenVPN box. They can talk to each other, using their 172.16.1.x tun0 Address on the server. The server itself (Ubuntu gutsy, OpenVPN: 2.0.9-8, shorewall:3.4.4-1) has 1 NIC that connects the machine to a) a DSL-router (forwards several ports to this linux machine, including the