Displaying 20 results from an estimated 6000 matches similar to: "IPTABLES question in general"
2010 Jan 20
1
Rule and a few drops...
I have this rule in place:
--------------------------------------
DNAT net dmz:10.0.0.7 tcp 80,443
- 94.23.242.44
--------------------------------------
When I change this policy:
--------------------------------------
net dmz DROP
--------------------------------------
to:
--------------------------------------
net dmz DROP info
2003 Jan 13
7
dmz2dmz?
Hi
My situation:
I have two pc''s with public ip''s (192.159.56.206(webserver) and
84.196.123.65(mail-gateway)) in the dmz. The firewall (84.196.123.66) is
configures with proxyarp, so nothing is changed on the pc''s from when they
were not behind the firewall (i.e. they don''t have the firewall as gateway
(and they each have different gateways, only 84.196.123.65
2003 Apr 15
8
repost (passive FTP server in DMZ and shorewall 1.4.2)
I apologize for the first message. :)
---------------------------------------
I have an FTP server running in the DMZ section of my home network. It uses port 23000 for connection and ports 19990 to 19994 for data transfer.
I have setup the following rule for outside people to connect to it:
DNAT net dmz:192.168.2.2 tcp 23000
I''m at work right now and I can''t use
2005 Jan 11
2
dnat problem
Hi,
I have a proxy/firewall,
I want to dnat requests for 193.205.140.106 on port 443 towards
10.2.15.23 and requests for 193.205.140.106 on ports 4330 and 3389
towards 10.2.15.25, these rules must apply from internet, loc and fw
(some client use a proxy on fw to reach these servers)
I have tried with the following rules:
DNAT net dmz:10.2.15.23 tcp 443 -
2003 Mar 28
9
Squid
I''m attempting to setup Squid as shown on:
http://shorewall.sourceforge.net/Shorewall_Squid_Usage.html#DMZ
The firewall is a Bering 1.0 firewall running Shorewall 1.3.11, Red Hat
7.2 on the server in the DMZ. I''m not seeing the requests come in to the
server using tcpdump. The server is 192.168.2.1 connecting to eth2 on the
firewall, the local traffic I''m trying to
2019 Feb 11
2
,Re: Samba and ufw
Louis,
Tried the rules you suggested:
These work. I think that rules out any Windows problems.
ufw insert 1 allow in on enp2s5 from 192.168.254.15 to 192.168.254.39
ufw insert 2 allow in on enp2s5 from 192.168.254.39 to 192.168.254.15
These do not work.
ufw insert 1 allow in on enp2s5 proto tcp from 192.168.254.0/24 to 192.168.254.39 port 139,445
ufw insert 2 allow in on enp2s5 proto udp from
2005 Jun 11
7
help connection is dropping every 10min
Hi,
I have some problems with shorewall,
I got disconnected every 10 minutes..
All the connections stops
I am using Shorewall version 2.4.0-RC2
and it is running on debian 3.1r0
I can''t seem to find the problem.
I hope you can help me with this. i post my log so that you can maby
see where the problem is.(i have filtert some ip addresses)
/sbin/shorewall show log
Shorewall-2.4.0-RC2
2006 Feb 09
1
Error Messages in /var/log/messages
Here's the output:
Feb 9 15:51:26 SSI001 kernel: SFW2-INext-ACC-TCP IN=eth0 OUT=
MAC=00:0f:ea:73:88:12:00:40:2b:67:5b:a7:08:00 SRC=192.168.1.54
DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=51248 DF PROTO=TCP
SPT=1964 DPT=139 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Feb 9 15:51:28 SSI001 kernel: SFW2-INext-ACC-TCP IN=eth0 OUT=
2003 Jan 16
3
Jan 16 17:49:33 murowall kernel: Shorewall:loc2net:CONTINUE:IN=eth0 OUT=eth2 SRC Shorewall:FORWARD:REJECT:IN=eth0 OUT=eth2
I have the problem when my localnetwork do telnet to the net
Shorewall:FORWARD:REJECT:IN=eth0 OUT=eth2
my files are the following:
policy
#SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
loc net CONTINUE info
loc fw ACCEPT info
loc loc ACCEPT
loc dmz ACCEPT info
fw
2006 Sep 12
3
Completely isolating P2P/BitTorrent traffic
Hi all,
I''m tring to isolate P2P traffic, specifically BitTorrent, for my QoS
scripts. I can''t seem to completely isolate ALL BitTorrent traffic.
I identify & mark packets and then use tc filters to put them into
appropriate classes. My firewall rules (below) do the markings. My VoIP
boxes'' and ICMP traffic get highest priority (mark 1). Then comes DNS, SSH,
2004 Oct 11
5
Intermittant Samba glitch
Hi there,
Let me just start by saying that I am a bit of a Linux newbie, but that Shorewall seems an excellant product. The issue I''m reporting wont stop me from using it, it still does 99% of what I need.
Anyway, I have a resonably simple two interface system. My server (HatMannz, P3-900MHz with a RAID-1 array of 80GB IDE drives running Red Hat 9.0) connects to a cable modem via eth1
2012 Jan 12
9
linux 3.3-pre-rc1: Starting domU fails with Error: Failed to query current memory allocation of dom0.
Hi Konrad,
Today i tried linuses tree of today (last commit is 4c4d285ad5665bfbd983b95fde8d7a477d24a361).
It boots dom0 fine, but it fails to start any domU with: "Error: Failed to query current memory allocation of dom0."
With my previous 3.1.5 kernel everything is fine, nothing else changed in config in between.
dmesg and xm dmesg attached
--
Sander
Dom0 shows:
total
2010 Oct 28
3
SIP client floods port 5060 and gets blocked
Hello,
Is there any reason why an IP-phone would pounder on port 5060 ? My
firewall blocks the public IP because it thinks the remote IP is port
scanning on port 5060.
I think the phone is just registering but for some reason it does this
repeatedly in a very short time.
Oct 28 09:01:48 astserver kernel: Firewall: *UDP_IN Blocked* IN=eth0
OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00
2004 Sep 24
10
hopeless - smb over bridged firewall
Dear List!
I use a shorewall 2.0.8 on a Debian sarge system. I use a DSL connection
to the Internet (ppp0 - eth1 to the modem) and a bridge to the local
lan. The bridged config i''ve made with bridge.html from the shorewall
site. The Bridge is between local net and a openvpn tap device. This
works. I ccan make tunnels, and a can make a lot of things through the
firewall. I can get a list
2003 Jan 12
10
Shorewall on a file/webserver/router Help
Hi,
I have a install of shorewall I have 2 interfaces(I think)
ppp0[connection device] and eth0 [LAN device],
I want to allow all traffic from the the internet in or aleast port 80 and
CVS and webmin and mail and everything normal to the main machine with
shorewall on it.
I changed to policy file but it just gave me errors as to double interfaces.
I also what still to alow connection sharing
2004 Nov 24
10
Attack from local network or...?
Hello,
when I execute "shorewall hits" command I find this stats:
HITS IP DATE
---- --------------- ------
92099 192.168.0.2 Nov 24
7764 59.104.107.85 Nov 23
3997 192.168.1.77 Nov 24
337 181.50.93.89 Nov 23
331 59.104.156.68 Nov 23
315 99.109.157.73 Nov 23
301 190.225.157.40 Nov 23
275 179.153.183.53 Nov 23
268
2004 Dec 04
7
vpn-zone wide open
Hello!
I am using shorewall shorewall-2.0.11-1 on fedora core2
(iptables-1.2.9-95.7). My box has 2 physical nicĀ“s plus one virt. ipsec
interface for a freeswan-vpn connection.
A few days ago, portsentry spit out a lot of connections from windows
clients (port 135, 445). Ooops.
I review my shorewall settings but could not find a mistake. So I took a
win-client and established a second
2003 Jan 08
14
prerouting newbie question/mistake :)
Hola and thanks for any help in advance
I installed mandrake 9 a few days ago and wanted to set up some
additional rules to shorewall, bu i failed :)
What i want to do is basicly route any incomming udp and tcp packets on
port 4665 to a workstation behind the router.
router with mandrake 9, eth0 (192.168.0.1) internal net, eth1(10.0.0.0)
connected to dsl modem and gets a dynamic ip
2010 Dec 27
2
what process is sending this packet?
I can see, that theres a program that keeps sending packets on port 25:
Dec 27 14:11:46 a kernel: [ 6336.992320] O_D_LOG: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=61533 DF PROTO=TCP SPT=37263 DPT=25 WINDOW=32792 RES=0x00 SYN URGP=0
Dec 27 14:12:01 a kernel: [ 6352.635704] O_D_LOG: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=55853
2004 Dec 29
18
No response on port 80 with Shorewall
I have problem getting answer on http request from all my local subnets
but not from local subnet.
Ping and requests on ports 21 22 23 25 110 works fine.
I logged port 80 in rules files and I got
accept entry same for local subnet and other subnets.
Local subnet is 192.168.6
Dec 29 09:52:40 zinfsrv2 kernel: Shorewall:loc2fw:ACCEPT:IN=eth0 OUT=
MAC=00:09:6b:07:ca:cc:00:10:b5:fa:bd:71:08:00