Displaying 20 results from an estimated 8000 matches similar to: "localhost being blocked"
2011 Mar 17
2
DNAT problem
Hi All,
I use rather old Shorewall 3.2.6 and I know it's no longer supported.
I haven't been updating the software because it works as intended until now.
The problem is a simple DNAT rule. I actually have around 8 DNAT rules
and they all work just fine.
Here is what I want to achieve. I have a SMTP server in my LAN (let's say
address 192.168.1.10). The SMTP daemon listens on
2011 Mar 13
16
Shorewall 4.4.19 Beta 1
Beta 1 is now available for testing.
----------------------------------------------------------------------------
I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E
----------------------------------------------------------------------------
1) Previously /var/log/shorewall*-init.log was created in the wrong
Selinux context. The rpm's have been modified to
2011 Mar 10
3
multi-isp and preventing certain traffic on a given connection
I have a multi-isp configuration:
CGCO 1 256 main $CGCOIF detect track,balance br-lan,tun0
IGS 2 512 main $IGSIF detect track,fallback br-lan,tun0
where I force SMTP out one of the connections:
512:P br-lan - tcp 25
But the effect of that of course is that if IGS goes down, SMTP will
leak out of the CGCO connection. How can I prevent that?
Cheers,
b.
2011 Mar 13
4
ipod touch, skype, and a shorewall firewall
Hi,
My firewall is a machine running Debian Squeeze with shorewall 4.4.11.6.
/etc/shorewall/policy says this:
loc $FW ACCEPT
loc loc ACCEPT
loc net ACCEPT
$FW net ACCEPT
$FW loc ACCEPT
net all DROP # info
all all REJECT
2011 Feb 24
6
Cannot connect to the internet
I cannot connect to the INTERNET via my stand alone computer or my
wireless laptop with the /etc/shorewall/interface setting I have.
What Interface setting will allow me to connect to the Internet?
Please see attached document for more details.
2012 Mar 15
3
Firewall up not letting traffic through
Tom :
Firewall up not letting traffic through
It is probably a setting that I have wrong
Private Network:
Can ping the outside network card from inside the network, but can not ping "yahoo.com" or one of its ip address (209.191.122.70)
Firewall computer:
On the firewall computer can ping computer on inside network and "yahoo.com"
--
Eric Teeter
504 Main St.
2011 Sep 17
4
Shorewall DNAT to IPSET
I would like to dnat certain protocols (HTTP, HTTPS, SSH) to the
contents of an ipset (lan:+serviceshost or similar) where the ipset is
ensured to contain only one host, but can be changed dynamically when
services are in maintenance mode and go to the "services are down"
message on another server. Will this work, or am I barking up a fish here?
2010 Apr 12
21
Using the limit action on a DNAT rule to prevent DoS attacks on a specific port
Hi there.
I'm reading and reading through the doc's and previous posts, but cannot
seem to find what I'm looking for. I want to create a rule that prevents DoS
and maybe even DDoS attacks against a specific port. The current rule looks
like this (the PORT's and IP's are dummies of course):
#ACTION SOURCE DEST
2009 Jul 03
5
rules and nat
Hi,
I just add these file rules:
DNAT net loc:192.168.8.35 tcp - - 202.158.70.38
DNAT net loc:192.168.8.36 tcp - - 202.158.70.38
DNAT net loc:192.168.8.37 tcp - - 202.158.70.38
And these on file nat:
202.158.70.38 eth0 192.168.8.35 no no
202.158.70.38 eth0 192.168.8.36 no no
202.158.70.38 eth0 192.168.8.37 no no
I try to connect to the internet and check the IP and all hosts returns
2009 Jun 18
9
Redirect port 80 away from Shorewall?
Hi There,
Due to shortage computer, I need to install Apache to my Shorewall box (192.168.1.1)
But the real web server is on another box (192.168.1.2)
I tried to put rule:
DNAT net loc:192.168.168.1 tcp 80
But every time www connection coming in, it will hit my shorewall
Any solution?
Cheer
2009 Jun 10
6
Shorewall + IPsec Tunnel
Hi everyone!
First of all, sorry about my bad English and the e-mails extension.
I need some help to implement a VPN connection using shorewall and openswan
as IPSec Tunnel.
My network map:
CLIENT VPN APPLIANCE --> +++INTERNET+++ --> FIREWALL --> OPENSWAN SERVER
(DMZ)
I have two VPN connections with two different subnets to the other end. The
two of them are correctly established.
2010 Jan 27
5
Problem Shorewall
2009 Dec 14
2
Manual Chains Knock.pm DNAT-
I am attempting to use the Knock.pm from
http://www.shorewall.net/ManualChains.html
I am not having much luck making the DNAT- knock work for some reason.
Anyone else using this on 4.4.4 that can verify if this still works as
documented?
Thanks
2012 Mar 14
7
Block port 443 (https) to Facebook.com
Hi, in shorewall version 3.4.8 used this rule to block access to Facebook
through port 443 (https):
/shorewall/rules:
REJECT loc net:69.171.224.12,69.171.224.0/19,69.63.176.0/20,66.220.144.0/20 tcp 443
What I did was block the public IP network segment to fit through https.
Now I use this same rule in version 4.4 and I works already.
Has anything changed in this
2011 Jan 20
5
Creating/Protecting a Subnet
I have an admin machine, and a backup server which does backups. The backup server has IPMI so I can do lights-out admin, and I want to allow this from the admin machine only. IPMI is completely unfirewalled, and so it must have a different class C than working networks.... this is just how it is.
I've set the IPMI IP on the backup server to 192.168.10.4, and created a virtual
2009 Apr 29
5
Shorewall Settings to view internal websites
We are trying to configure shorewall as follows:
1. We have shorewall running at gateway (172.16.1.1) with NAT.
2. We have a number of web servers (172.16.1.x/24). These web servers are
accessed through port forwarding at the gateway (172.16.1.1) and websites
are visible through virtual hosting through a web re-director.
3. Presently the proxy server runs in a transparent mode, i.e., all web
2009 May 26
3
Tinyproxy and shorewall setup
Hello I'm trying to setup tinyproxy and shorewall on a LEAF Bering firewall. What I'd like to do is block all HTTP connections to the internet on port 80 and 8080 and force users to use port 8888.
So in shorewall/rules I have
ACCEPT loc fw tcp 8888
DROP loc fw tcp 80,8080
The ACCEPT works fine but the DROP does not seem to work. If I
2010 Feb 27
3
Port Redirection
Hi Everyone!
I'm having problems to redirect an UDP port to an external server. My
firewall have 4 interfaces: NET, LOC (192.168.0.0/24),
DMZ(192.168.1.0/24), CMTC(10.0.0.0/24). On CMTC interface I have a
direct connection to another network using a VPN link.
I need to redirect an UDP port to on server (10.1.0.2) on CMTC zone
using my local IP (192.168.0.1) for gateway. I will use
2010 Mar 07
3
DNAT not working
Hi I am having a problem with a DNAT rule where the packets being REJECT'd:
DNAT:info net priv:192.168.6.15 udp 5060
With the following appearing in the log:
Mar 6 11:59:30 ipcop kernel: Shorewall:net2fw:REJECT:IN=eth3 OUT=
MAC=00:09:6b:6e:48:e8:00:1d:20:fa:46:90:08:00 SRC=71.216.136.25
DST=67.138.129.66 LEN=629 TOS=0x10 PREC=0xA0 TTL=50 ID=28000