similar to: Back to c7 and firewalld

ip_forward was not enabled, now it is. Still same result: On VPN_office I use 'tcpdump -npi any icmp and host 192.168.1.1' and ping 192.168.1.1 from the client: 5:28:42.646203 IP 172.16.0.3 > 192.168.1.1: ICMP echo request, id 1584, seq 1, length 64 15:28:43.663014 IP 172.16.0.3 > 192.168.1.1: ICMP echo request, id 1584, seq 2, length 64 15:28:44.688133 IP 172.16.0.3 >

On Tue, Jun 20, 2017 at 02:26:59AM -0400, Travis S. Johnson wrote: >Hello, > >I came across an interesting problem in my home lab a few weeks ago as I'm >prepping for my RHCE exam using Michael Jang study guide. I've been at this >for days now, and I still can't wrap my head around how two or more virtual >networks in default NAT configuration are even allowed to

Hello, I came across an interesting problem in my home lab a few weeks ago as I'm prepping for my RHCE exam using Michael Jang study guide. I've been at this for days now, and I still can't wrap my head around how two or more virtual networks in default NAT configuration are even allowed to communicate with each other despite what the libvirt documentation said. Here's the

Hi I would like to add rules into the iptables of the Hosted Engine VM in Ovirt. the version is oVirt Engine Version: 4.1.1.8-1.el7.centos I have tried using the normal process for iptables (iptables-save etc), but it seems that the file /etc/sysconfig/iptables this is ignored in the Ovirt Engine VM. How can I add permanent rules into the Engine VM? Kind regards Andrew

Hello Julien, Am Tue, 15 Jan 2019 09:30:23 +0100 schrieb Julien dupont <marcelvierzon at gmail.com>: > In that case I see: > IP 172.16.0.3 > 192.168.1.1: ICMP echo request, id2135, seq1, length 64 > IP 172.16.0.3 > 192.168.1.1: ICMP echo request, id2135, seq2, length 64 > IP 172.16.0.3 > 192.168.1.1: ICMP echo request, id2135, seq3, length 64 > > Packet goes

Il giorno lun, 02/09/2019 alle 08.26 +0100, Rowland penny via samba ha scritto: > > set 01 22:36:56 s-addc.studiomosca.net named[639]: samba_dlz: > > cancelling transaction on zone studiomosca.net > > That is showing that a client isn't being allowed to update a record. Is it possible to cure it in some way? > > [2] ----[smb.conf] > > > Please do not post

On Fri, Nov 20, 2020 at 12:18 PM Frank Cox <theatre at sasktel.net> wrote: > > On Fri, 20 Nov 2020 12:07:40 -0500 > Michael B Allen wrote: > > > So TCP src 760 to 41285. What's that? > > Apparently "that" is what you need to allow in order for your desktop to work. > > What it is actually doing, I'm not sure. Google tells me that port 760 has

On 11/20/20 2:31 PM, Michael B Allen wrote: > On Fri, Nov 20, 2020 at 2:06 PM Michael B Allen <ioplex at gmail.com> wrote: >> Apparently I don't know how to do "that" because this: >> >> # iptables -A INPUT -p tcp --sport 760 -m conntrack --ctstate >> NEW,ESTABLISHED -j ACCEPT >> >> still doesn't allow the traffic through (not that I

On Fri, Nov 20, 2020 at 2:06 PM Michael B Allen <ioplex at gmail.com> wrote: > Apparently I don't know how to do "that" because this: > > # iptables -A INPUT -p tcp --sport 760 -m conntrack --ctstate > NEW,ESTABLISHED -j ACCEPT > > still doesn't allow the traffic through (not that I would want to > allow an --sport rule anyway but I'd just like to

On Fri, Nov 20, 2020 at 2:52 PM Chris Schanzle <chris.schanzle at nist.gov> wrote: > > On 11/20/20 2:31 PM, Michael B Allen wrote: > > On Fri, Nov 20, 2020 at 2:06 PM Michael B Allen <ioplex at gmail.com> wrote: > >> Apparently I don't know how to do "that" because this: > >> > >> # iptables -A INPUT -p tcp --sport 760 -m conntrack

On Wed, 24 Apr 2019 at 06:01, likun <kun.li at ucarinc.com> wrote: > Hi?guys. > > There is a wierd problem with iptables recently, hopes somebody can help > me. > > I have installed Centos 7.2.1511 on a bare metal Dell server these days, > disabled firewalld and enabled iptables.services, and setup a group of very > simple rules, as the following: > > I believe

Hi?guys. There is a wierd problem with iptables recently, hopes somebody can help me. I have installed Centos 7.2.1511 on a bare metal Dell server these days, disabled firewalld and enabled iptables.services, and setup a group of very simple rules, as the following: # iptables-save # Generated by iptables-save v1.4.21 on Tue Apr 23 09:15:14 2019 *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT

On Fri, Dec 29, 2017 at 10:32 AM, Kenneth Porter <shiva at sewingwitch.com> wrote: > How do I insert the iptables rule below using firewalld? > > I'm moving up from CentOS 6 to 7 on an office gateway and I'm trying to > get OpenVPN working to allow home workers to access PCs at the office. I've > got it all working but only by manually inserting an ACCEPT rule in

Hello, Stephen, thank you for input. Yes, these servers have the same firewall rules, and both of them have the same problem from time to time, most of time they are good. Actually, these servers are newly installed to be used as the Glusterfs storage server, so not much data flowing at this time. >From the sysctl output, I suppose it can't be a conntrack table overflow :

Hi, Over the past few days I've been trying to get a prototype working of a stateful firewall for a Virtual Machine using Libvirt's network filters. My goal is to replace the current custom Python/Java code in the Apache CloudStack [0] project by Network Filters of Libvirt. Both IPv4 and IPv6 should work, but I started off with IPv4 and I have issues with accepting back

Hello, I'm having problem setting up filtering traffic for a virtual machine managed by libvirt. Strange thing is, such a setup has been working fine for me on an older version of distro (namely, opensuse 11.3 w/updates, kernel 2.6.34, libvirt 0.8.8) but refused to work on shiny new opensuse 12.4 (kernel 3.7.10, libvirt 1.0.2). The definition of filter in question is pretty simple:

Rowland, Did some editing in smb.conf that I had to reverse. Now I'm back to being able to connect with the firewall disabled. When I enable the firewall I get as far as windows network -> workgroup but no connection. I have only the rules you recommended in your last email. Louis, The information you requested is below: martin at radio:~$ dpkg -l|egrep "iptables|ufw" ii 

Rowland, OK. Should I delete these lines? diff yours mine 63d62 yours# -A ufw-after-logging-output -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " 85,87d83 yours# -A ufw-before-logging-forward -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW AUDIT] " yours# -A ufw-before-logging-input -m conntrack

https://bugzilla.netfilter.org/show_bug.cgi?id=874 Summary: Any conntrack conditions specified with --ctstate INVALID are not checked Product: iptables Version: 1.4.x Platform: All OS/Version: All Status: NEW Severity: normal Priority: P5 Component: iptables AssignedTo:

https://bugzilla.netfilter.org/show_bug.cgi?id=917 Summary: Kernel OOPS on Kernel 3.14.2 Product: netfilter/iptables Version: unspecified Platform: x86_64 OS/Version: Debian GNU/Linux Status: NEW Severity: critical Priority: P5 Component: NAT AssignedTo: netfilter-buglog at lists.netfilter.org