similar to: Creating/Protecting a Subnet

Hi to the list, I configured a multi-provider setup with /etc/shorewall/providers: Orange 1 1 main eth1 81.255.74.150 track,balance=1 eth0 Free 2 2 main eth2 88.180.116.254 track,balance=3 eth0 and /etc/shorewall/tcrules: 2:P 192.168.2.0/24 0.0.0.0/0 tcp 143 2:P 192.168.2.0/24

RC 2 is now available for testing (Early RC1 testing on a RedHat-based system with dynamic provider gateways uncovered a couple of debilitating defects in the enable/disable logic). Thank you for testing, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in

RC 2 is now available for testing (Early RC1 testing on a RedHat-based system with dynamic provider gateways uncovered a couple of debilitating defects in the enable/disable logic). Thank you for testing, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in

Beta 1 is now available for testing. ---------------------------------------------------------------------------- I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E ---------------------------------------------------------------------------- 1) Previously /var/log/shorewall*-init.log was created in the wrong Selinux context. The rpm''s have been modified to

Beta 1 is now available for testing. ---------------------------------------------------------------------------- I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E ---------------------------------------------------------------------------- 1) Previously /var/log/shorewall*-init.log was created in the wrong Selinux context. The rpm''s have been modified to

Tom : Firewall up not letting traffic through It is probably a setting that I have wrong Private Network: Can ping the outside network card from inside the network, but can not ping "yahoo.com" or one of its ip address (209.191.122.70) Firewall computer: On the firewall computer can ping computer on inside network and "yahoo.com" -- Eric Teeter 504 Main St.

Hi I have shorewall/iptables running on my server (pub) but access to localhost is blocked then I attemp to use ping localhost, telnet localhost 25, echo Hello | sendmail -v root@localhost. All these commands were run after using shorewall reset and creating the attached file. All these commands work with shorewall clear. My problem is I can''t email the root messages from (pub) to

Hi, I realise that one can simply start fail2ban and then it will insert its own ruleset before shorewall''s ruleset. Are there subscribers to this list having alternative (and probably better) ways to use both fail2ban and shorewall? Thanks, Mark ------------------------------------------------------------------------------ This SF email is sponsosred by: Try Windows Azure free for 90

Many questions goes in, Very few answers come out. __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com

I have a multi-isp configuration: CGCO 1 256 main $CGCOIF detect track,balance br-lan,tun0 IGS 2 512 main $IGSIF detect track,fallback br-lan,tun0 where I force SMTP out one of the connections: 512:P br-lan - tcp 25 But the effect of that of course is that if IGS goes down, SMTP will leak out of the CGCO connection. How can I prevent that? Cheers, b.

Hi All, I use rather old Shorewall 3.2.6 and I know it''s no longer supported. I haven''t been updating the software because it works as intended until now. The problem is a simple DNAT rule. I actually have around 8 DNAT rules and they all work just fine. Here is what I want to achieve. I have a SMTP server in my LAN (lets say address 192.168.1.10). The SMTP daemon listens on

Hi, My firewall is a machine running Debian Squeeze with shorewall 4.4.11.6. /etc/shorewall/policy says this: loc $FW ACCEPT loc loc ACCEPT loc net ACCEPT $FW net ACCEPT $FW loc ACCEPT net all DROP # info all all REJECT

On Fri, February 10, 2017 06:26, Patrick Begou wrote: > Hello > > I have more and more troubles using firefox in professional > environment with > CentOS6. The latest version is 45.7.0 But I can't use it anymore to > access some > old server hardware (IDRAC7 of DELL C6100) because of > "/SSL_ERROR_WEAK_SERVER_CERT_KEY/". I had to install an old Firefox32 >

Hello all, I have an HTPC connected 24/7 to the Internet running Mythbuntu. I also have a web/email host that runs Dovecot for email and provides IMAP and POP3 access. I understand that Dovecot supports Push IMAP and I could, for example, use Thunderbird to connect to my email host to receive instant email as it arrives. I would like to add a Dovecot IMAP server on my HTPC (for increased

I would like to dnat certain protocols (HTTP, HTTPS, SSH) to the contents of an ipset (lan:+serviceshost or similar) where the ipset is ensured to contain only one host, but can be changed dynamically when services are in maintenance mode and go to the "services are down" message on another server. Will this work, or am I barking up a fish here?

My webserver also houses our mailserver. There's about six users on that mail system and I'm thinking it would be good to back up the mailboxes to my always on HTPC computer at home, which is reachable via a dynamic IP service. I know (or think) I need to use doveadm-backup for this but rather than reinvent the wheel (or use the wrong wheel altogether) I'm wondering if anyone can

On Mon, 23 Oct 2023 at 00:43, Thomas K?ller <thomas at koeller.dyndns.org> wrote: > There is a nasty problem when using hostbased authentication: Suggestions: - "host" does DNS lookups, but is your system's nsswitch.conf or equivalent actually configured to use DNS? - have you turned off DNS lookups in sshd with "UseDNS no" in sshd_config? - you could try

Hi all. Im pretty new to the whole OpenSolaris thing, i''ve been doing a bit of research but cant find anything on what i need. I am thinking of making myself a home file server running OpenSolaris with ZFS and utilizing Raid/Z I was wondering if there is anything i can get that will allow Windows Media Center based hardware (HTPC or XBOX 360) to steam from my new fileserver? Any help

When I try to mount an administrative //mymachine2/c$ share(the shared resource is on a WinXP_SP2 unfirewalled machine) from a Linux machine, using the command bellow, I receive an 16770 error message. [root@mymachine1 scripts]# smbmount //mymachine2/c$ /mnt/tmp/ -o username=administrator 16770: session request to MYMACHINE2 failed (Not listening on called name) 16770: session request to