Displaying 20 results from an estimated 1000 matches similar to: "Shorewall as a "commercial" firewall"
2004 Mar 25
2
Watchguard Firebox 1000 and Asterisk
Has anyone had any experience with Watchguard Firebox 1000 and Asterisk? I
have asterisk on public side and phones on the private side. I am able to
get the phones to register and make outbound calls but the inbound calls are
intermittent. I have NAT enabled in asterisk and on the Cisco 7960.
Any insight would be appreciated.
Thanks
2006 May 19
1
Watchguard Firebox 1000 woes
We are trying to set up a sip connection behind a Watchguard Firebox 1000 and
it is simply put...not working. The ports are all forwarded but the packets
are not going out. It is as if the firewall simply ignores SIP packets. Has
anyone seen this or have any idea what the issue could be? Watchguard so far
has been of zero help.
Kerry Garrison
Director of Technical Services
Tech Data Pros -
2004 Sep 07
6
Syntax for address range
I would like to add a rule allowing only the address 192.168.150.20 and the
range of addresses from 192.169.150.100 to 192.168.150.150 in zone dmz0 to
connect to two terminal servers in the local zone.
Is there a syntax that can specify a range of addresses in the rules file? Do
I have to enter each one separately?
--
Stephen Carville
Unix and Network Administrator
DPSI
6033 W.Century Blvd.
2005 Mar 02
12
Problem with outgoing Masquerade
I'm having another little problem with my new firewall. I want outgoing port
25 from my mail server to appear on the address 65.223.121.227 so I created
the file masq:
eth2 192.168.124.18 65.223.121.227 tcp 25
eth1 eth5
eth1 eth3
eth1 eth4
eth1 == net0 == 209.189.103.196/27
eth2 == net1 == 65.223.121.237/28
eth3 == dmz0
eth4 == dmz1
eth5 == loc ==
2004 Sep 02
5
DNAT and ping
I have the following
interfaces
loc eth0
net0 eth1
net1 eth2
(net0 and net1 are the two ISP networks)
policy
loc net0 ACCEPT
loc net1 ACCEPT
net0 all DROP info
proxyarp
209.189.103.204 eth0 eth1 no no
params
Pellucidar=192.168.124.232
rules
DNAT net0 loc:$Pellucidar tcp 22,80,1950,50005 - 209.189.103.204
ACCEPT all all icmp
2004 Nov 05
8
Using Shorewall + Linux Virtual Server LVS/DR
I'm having a HUGE amount of difficulty getting shoreline to work with LVS.
We use it here constantly so we know it works. The problem is packets come
in, get directed to a webserver, webserver returns the packet to firewall,
and then it goes into a black hole. rp_filter is off globally on all
interfaces. LVS seems to be working right....
I use shorewall tcrules to mark packets on
2005 Oct 10
2
Problems installing Watchguard Firebox System software in wine (installshield)
Hello,
I am trying to use WINE (20050725-r1 on Gentoo Linux) to install/run
Watchguard's Firebox Management Software (WFS). The WFS installer uses
an installshield installer of course.. I've been looking thru the FAQ,
wiki, etc and have found info about DCOM98 needing to be installed.
I've tried a bunch of things so far, and here's where I stand:
First, I tried getting
2005 May 05
1
Ping Requests issue
Tom,
I use shorewall 2.2.3 with four network interfaces comprising three zones.
I am able to ping some servers from the internet (net-zone) and not others.
I do not want to allow ping by default from internet. I have not copied the files action.drop
and action.reject into /etc/shorewall. Nor do I have an AllowPing rule in rules file.
The policy file is pasted below.
#SOURCE DEST POLICY
2003 Mar 22
22
SecuRemote and Shorewall Problem
Sat Mar 22 14:16:55 CST 2003
This post is a bit long, but I want to make sure
I am providing the information up front that can
help in others helping me solve this mystery.
I am having a bit of difficulty getting Shorewall
to work with SecuRemote and its FW-1 server. I
have attached the "rules" file I am using and the
output of "shorewall show nat". The diagram below
2004 Dec 14
4
ipsec-netfilter patches for 2.6.9
The patches may be found at:
http://shorewall.net/pub/shorewall/contrib/IPSEC
ftp://shorewall.net/pub/shorewall/contrib/IPSEC
I found these patches on the netfilter-devel list and make no warranties
as to how well they work (or not).
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP
2005 Aug 17
2
Strange TCP ports phenomena
Hello list.
I have new server on CentOS 4.1 - fresh installation. During security
tests I've noticed:
When I scan server ports (nmap) from the outside there is 21 tcp port
open. But when I check on the server (netstat -tan or lsof -i) there is
no open 21 tcp port.
Any ideas? To be honest I'm confused.
Regards
P.S.: of course I don't have started FTP service. Even I don't
2003 Mar 26
2
VLAN Support
Hi there,
can anyone point me to the docs needed to support Tagged Vlans through
Shorewall. I might just be blind or my understanding of Tagged Vlans
isn't good enough yet to find it.
Axel
2005 Nov 10
9
[OT] Corporate Firewall
Hey,
The company I work for is in the market for a new firewall. Right now
we're hosting all of our own stuff (on CentOS servers) behind an old
checkpoint firewall.
I think Checkpoint is overkill for our needs and very expensive, plus I
don't like the "per-user" charges of some commercial solutions. What do
you guys suggest that we upgrade to? Here are some of the
2004 Sep 22
3
2.6 kernel ipsec and shorewall
I set up an ipsec/racoon vpn tunnel test environment. The gateway machines
are 192.168.0.30 and 192.168.0.31 on the external adaptor and 10.0.1.1 and
10.0.2.1 internally. The test workstations are 10.0.1.10 and 10.0.2.10.
The tunnel seems to be working as in 10.0.1.10 can talk to 10.0.2.10 and vice
versa and they can both use the net via NAT, however 192.168.0.30 and
192.168.0.31 cannot directly
2005 Oct 06
4
dapptrace and firefox
/usr/sfw/bin/firefox is a shell script which calls run-mozilla.sh which calls firebox-bin.
Is there a way to call dapptrace on firefox in order to trace firefox-bin?
This message posted from opensolaris.org
2004 Sep 24
10
hopeless - smb over bridged firewall
Dear List!
I use a shorewall 2.0.8 on a Debian sarge system. I use a DSL connection
to the Internet (ppp0 - eth1 to the modem) and a bridge to the local
lan. The bridged config I've made with bridge.html from the shorewall
site. The Bridge is between local net and an openvpn tap device. This
works. I can make tunnels, and I can make a lot of things through the
firewall. I can get a list
2014 Apr 22
1
Anyone used WatchGuard SIP ALG?
Has anyone here used Asterisk inside a WatchGuard firewall, talking via
the WatchGuard SIP Application Layer Gateway to an outside SIP service?
I have a customer doing just that, and I am 100% convinced there is a bug
in the ALG regarding the media port number it inserts into the SDP when
it rewrites it. However, either they or WatchGuard will not accept there
is a bug, despite my very detailed
2005 Oct 12
4
Downgrade from 3 to 2 suggestions
After considerable experimentation I'm forced to accept that Samba 3 has
problems with the combination of being a domain member, the 2.6 kernel,
and Dell 2850 hardware. It works fine on the 2.4 kernels but fails on
all the 2.6 versions I have available for testing. I have one machine
that I really prefer could stay at 2.6 so my last resort there is to try
a downgrade to samba 2.X
In the
1999 May 19
3
Samba and BackupExec
Hi,
I've got Samba 2.0.2 and a server NT4 SP3 with Seagate BackupExec 7.0.
When I want to backup Samba with Seagate BackupExec, I get a message
saying "Unable to connect to server, <F5> to retry", and then another
one saying "A device specific error occured".
I've read all the Samba archive about that subject, but I do not find
any solution.
I don't
2004 Sep 01
11
IPSEC VPN clients on local network
I have problems connecting IPSEC VPN clients on the masqueraded network
to outside VPN servers.
It looks like this:
ipsec-user
| 192.168.1.10 (DHCP assigned)
|
| 192.168.1.1
fw-1 (shorewall, Linux 2.6)
| 20.20.20.20
(internet)
| 30.30.30.30
fw-2 (IPSEC VPN endpoint)
| 192.168.100.1
|
| 192.168.100.2
server
ipsec-user (a road warrior) is supposed to create an IPSEC tunnel to his
home