Displaying 20 results from an estimated 10000 matches similar to: "help with samba and iptables"
2003 Mar 28
9
Squid
I'm attempting to set up Squid as shown on:
http://shorewall.sourceforge.net/Shorewall_Squid_Usage.html#DMZ
The firewall is a Bering 1.0 firewall running Shorewall 1.3.11, Red Hat
7.2 on the server in the DMZ. I'm not seeing the requests come in to the
server using tcpdump. The server is 192.168.2.1 connecting to eth2 on the
firewall, the local traffic I'm trying to
2003 Apr 15
8
repost (passive FTP server in DMZ and shorewall 1.4.2)
I apologize for the first message. :)
---------------------------------------
I have an FTP server running in the DMZ section of my home network. It uses port 23000 for connection and ports 19990 to 19994 for data transfer.
I have set up the following rule for outside people to connect to it:
DNAT net dmz:192.168.2.2 tcp 23000
I'm at work right now and I can't use
2004 Aug 05
9
Not able to access website
Hi,
Trying to figure out why I cannot get access to dell.com
Their site is up because I can browse using a different firewall.
Trying to find out where the logs are located and what log files it
would write to if it were to deny browsing to a website. I can see the
[UNREPLIED] when using the shorewall status. Was hoping to know what
logfile it is writing it to.
Thanks in advance,
Elmer
2004 Dec 29
18
No response on port 80 with Shorewall
I have problem getting answer on http request from all my local subnets
but not from local subnet.
Ping and requests on ports 21 22 23 25 110 works fine.
I logged port 80 in rules files and I got
accept entry same for local subnet and other subnets.
Local subnet is 192.168.6
Dec 29 09:52:40 zinfsrv2 kernel: Shorewall:loc2fw:ACCEPT:IN=eth0 OUT=
MAC=00:09:6b:07:ca:cc:00:10:b5:fa:bd:71:08:00
2005 Jan 11
2
dnat problem
Hi,
I have a proxy/firewall,
I want to dnat requests for 193.205.140.106 on port 443 towards
10.2.15.23 and requests for 193.205.140.106 on ports 4330 and 3389
towards 10.2.15.25, these rules must apply from internet, loc and fw
(some client use a proxy on fw to reach these servers)
I have tried with the following rules:
DNAT net dmz:10.2.15.23 tcp 443 -
2006 Nov 07
6
Troubles DNATing UDP
Hi.
I have strange troubles with DNATing UDP packets.
The situation:
1. We have local network 10.10.0.0/16
2. We have a "server network" 192.168.1.0/25 connected with local
network by a router 10.10.100.1 (other ip 192.168.1.1).
3. Web server is located at 192.168.1.2
4. There are HW pingers in the net 10.10.0.0/16 whose do ping
10.10.100.1 every second. The ping is the UDP packet
2001 Nov 19
7
firewall
hallo samba
I have samba installed on a linux SuSE e-mail server II.
I need to know which port I have to open in my firewall to be able to
connect the samba share via NT's explore
my samba share om linux03 is [home] = /home/users
and a connect from my NT4.0 workstation explore with \\linux03\home
where is a firewall between my linux03 server with samba and my NT4.0
workstation.
Med venlig
2002 Jul 08
1
FWD: dns woes
---------- Original Message ----------------------------------
From: "Jim Van Eeckhoutte" <jim@vaneeckhoutte.com>
Reply-To: <jim@vaneeckhoutte.com>
Date: Mon, 8 Jul 2002 15:27:14 -0700
this is shorewall status output:
tcp 6 431899 ESTABLISHED src=192.168.20.5 dst=64.4.12.45 sport=2185 dport=1863 src=64.4.12.45 dst=63.25.123.58 sport=1863 dport=2185 [ASSURED] use=1
2012 Jan 16
4
conntrack entries established before nat
Typically (or at least somewhat occasionally) after a reboot of my
shorewall[-lite] machine I find that I end up with conntrack table
entries for unNATted connections such as:
# conntrack -L -p udp --dport 5060 -d 99.232.11.14
udp 17 59 src=10.75.22.8 dst=99.232.11.14 sport=5060 dport=5060 packets=5472 bytes=3031488 [UNREPLIED] src=99.232.11.14 dst=10.75.22.8 sport=5060 dport=5060 packets=0
2013 Nov 21
14
openvpn restart fails with dual entry in conntrack and wrong sourceport
the establishment of an openvpn link sometimes fails.
I tracked it down to network traffic with wrong Sourceport in the answer
packet (should be 1300 not 1024):
2 1.119309000 aaa.185.165 bbb.162.192 UDP 58 Source port: 1300
Destination port: 1300
3 1.119446000 bbb.162.192 aaa.185.165 UDP 66 Source port: 1024
Destination port: 1300
and a collateral entry in the connection tracking table
2006 Dec 18
2
creating script for init.d
Hello.
I'm moving from a very old Fedora Core 1 to CentOS 4.4, what a change!!
Three year ago, I wrote some script (network related) and worked very well.
Now, I can put into init.d by means of chkconfig and I restarted the system,
but always hang when executing my script (in my new centos 4.4).
There a manual for making scripts for init.d?
there is some new requirement by which it does not
2005 Jun 30
2
routing between 2 lines problem , after starting squid
I'm using one line on eth2 only for web traffic
eth1 is my internal line and eth0 is my main line to internet .
I'm marking packets like this
i have default route on eth0
iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 80 -j MARK
--set-mark 66
iptables -t mangle -A PREROUTING -i eth1 -p tcp --sport 80 -j MARK
--set-mark 66
iptables -t mangle -A PREROUTING -i eth1
2011 Feb 10
2
Samba4 and iptables
Hello everybody,
I have a running an installation of Samba4 as AD. All is working fine,
but when I start the firewall, the clients have problems to login.
By my firewall-rules from the past, I had opened the ports 137:139 and
445 for samba and new for bind the port 53.
The clients (WinXP) seem to have problems to read and write from/to the
home directories. Maybe samba4 need additional or
2003 Nov 13
1
HTB traffic shaping + squid cache proxy
Hello!
My system is:
Internet ADSL(PPPoE) ---> ppp0 [LINUX server(router)] eth0 ---> LAN
Server(router) is running on LINUX Slackware 8.1. I have recompiled a
2.4.22 kernel, enabled all QoS support in the kernel config,
including HTB. My ADSL bandwidth is 256Kbit/s for download and
64Kbit/s for upload.
I use the following HTB+IPTABLES configuration, because I want to
reduce bandwidth for
2007 Mar 09
2
Mark on FTP passive traffic
Hi,
I use for a customer a Linux router/firewall with 1 internal interface
connected to the LAN and 3 external interfaces connected to 3 different
ISP. I use a kernel 2.6.17 with a routes patch from Julian Anastasov.
I mark outgoing FTP traffic for the routing.
With the rules below I do not have a problem with the active/normal FTP
to connect on FTP server.
But the passive FTP does not pass
2017 Nov 13
2
[Bug 1202] New: Cannot match on both dport and sport in one nftables rule
https://bugzilla.netfilter.org/show_bug.cgi?id=1202
Bug ID: 1202
Summary: Cannot match on both dport and sport in one nftables
rule
Product: nftables
Version: unspecified
Hardware: x86_64
OS: Debian GNU/Linux
Status: NEW
Severity: normal
Priority: P5
Component: nft
2009 Jan 22
1
ftp and iptables
Hi - I have a ftp server running version 2.0.7 of vsftpd on
a CentOS 5.2 server using iptables behind a Linksys router.
The setup works for UNIX machines on either side of the Linksys
router.
For the Windows machines it only works if they're behind the Linksys
router - ftp does NOT work if they're outside the Linksys router.
I'd like to solve two problems:
(1) make ftp work
2005 Sep 29
7
need help on multiple isp routing
I've read your http://lartc.org/howto/lartc.rpdb.multiple-links.html article
as well as Advanced IP Routing (esp. chapter 10.4) and still unable to make
this thing work. am i that helpless? :)
is there anyone to guide me through the multiple ISP setup?
into details. i got 2 dsl connections from different ISPs (A and B), both
connections use PPPoE, both got assigned with dynamic IPs
2004 Nov 25
6
Logfile entry query
Hi,
I get frequent logfile entries from Shorewall similar to the following:
Nov 25 11:22:51 10.0.0.248 kernel: Shorewall:net2mill:DROP:IN=eth2
OUT=eth0 SRC=202.96.117.50 DST=10.0.0.10 LEN=56 TOS=0x00 PREC=0x00
TTL=241 ID=0 PROTO=ICMP TYPE=11 CODE=0 [SRC=10.0.0.10
DST=202.101.167.133 LEN=48 TOS=0x00 PREC=0x00 TTL=1
ID=13591 DF PROTO=TCP INCOMPLETE [8 bytes] ]
Could someone explain what the
2003 Jan 06
3
ipsec nat-traversal
It seems to me that ipsecnat tunnel type is not complete.
Latest drafts of ipsec nat-traversal use udp port 4500 for nat-traversal
communications. (It's called port floating). That is needed to get rid
of ugly ipsec passthru devices.
Now ipsecnat opens port udp/500 from any source port.
And I think ipsecnat won't work at all with gw zone defined? I'm not
sure about