similar to: Shorewall as a "commercial" firewall

Displaying 20 results from an estimated 1000 matches similar to: "Shorewall as a "commercial" firewall"

2004 Mar 25
2
Watchguard Firebox 1000 and Asterisk
Has anyone had any experiences with Watchguard Firebox 1000 and Asterisk? I have asterisk on public side and phones on the private side. I am able to get the phones to register and make outbound calls but the inbound calls are intermittent. I have NAT enabled in asterisk and on the Cisco 7960. Any insight would be appreciated. Thanks
2006 May 19
1
Watchguard Firebox 1000 woes
We are trying to set up a sip connection behind a Watchguard Firebox 1000 and it is, simply put, not working. The ports are all forwarded but the packets are not going out. It is as if the firewall simply ignores SIP packets. Has anyone seen this or have any idea what the issue could be? Watchguard so far has been of zero help. Kerry Garrison Director of Technical Services Tech Data Pros -
2004 Sep 07
6
Syntax for address range
I would like to add a rule allowing only the address 192.168.150.20 and the range of addresses from 192.169.150.100 to 192.168.150.150 in zone dmz0 to connect to two terminal servers in the local zone. Is there a syntax that can specify a range of addresses in the rules file? Do I have to enter each one separately? -- Stephen Carville Unix and Network Administrator DPSI 6033 W.Century Blvd.
2005 Mar 02
12
Problem with outgoing Masquerade
I'm having another little problem with my new firewall. I want outgoing port 25 from my mail server to appear on the address 65.223.121.227 so I created the file masq: eth2 192.168.124.18 65.223.121.227 tcp 25 eth1 eth5 eth1 eth3 eth1 eth4 eth1 == net0 == 209.189.103.196/27 eth2 == net1 == 65.223.121.237/28 eth3 == dmz0 eth4 == dmz1 eth5 == loc ==
2004 Sep 02
5
DNAT and ping
I have the following interfaces loc eth0 net0 eth1 net1 eth2 (net0 and net1 are the two ISP networks) policy loc net0 ACCEPT loc net1 ACCEPT net0 all DROP info proxyarp 209.189.103.204 eth0 eth1 no no params Pellucidar=192.168.124.232 rules DNAT net0 loc:$Pellucidar tcp 22,80,1950,50005 - 209.189.103.204 ACCEPT all all icmp
2004 Nov 05
8
Using Shorewall + Linux Virtual Server LVS/DR
I'm having a HUGE amount of difficulty getting shoreline to work with LVS. We use it here constantly so we know it works. The problem is packets come in, get directed to a webserver, webserver returns the packet to firewall, and then it goes into a black hole. rp_filter is off globally on all interfaces. LVS seems to be working right.... I use shorewall tcrules to mark packets on
2005 Oct 10
2
Problems installing Watchguard Firebox System software in wine (installshield)
Hello, I am trying to use WINE (20050725-r1 on Gentoo Linux) to install/run Watchguard's Firebox Management Software (WFS). The WFS installer uses an installshield installer of course.. I've been looking thru the FAQ, wiki, etc and have found info about DCOM98 needing to be installed. I've tried a bunch of things so far, and here's where I stand: First, I tried getting
2005 May 05
1
Ping Requests issue
Tom, I use shorewall 2.2.3 with four network interfaces comprising three zones. I am able to ping some servers from the internet (net-zone) and not others. I do not want to allow ping by default from internet. I have not copied the files action.drop and action.reject into /etc/shorewall. Nor do I have an AllowPing rule in the rules file. The policy file is pasted below. #SOURCE DEST POLICY
2003 Mar 22
22
SecuRemote and Shorewall Problem
Sat Mar 22 14:16:55 CST 2003 This post is a bit long, but I want to make sure I am providing the information up front that can help in others helping me solve this mystery. I am having a bit of difficulty getting Shorewall to work with SecuRemote and its FW-1 server. I have attached the "rules" file I am using and the output of "shorewall show nat". The diagram below
2004 Dec 14
4
ipsec-netfilter patches for 2.6.9
The patches may be found at: http://shorewall.net/pub/shorewall/contrib/IPSEC ftp://shorewall.net/pub/shorewall/contrib/IPSEC I found these patches on the netfilter-devel list and make no warranties as to how well they work (or not). -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP
2005 Aug 17
2
Strange TCP ports phenomena
Hello list. I have a new server on CentOS 4.1 - fresh installation. During security tests I've noticed: When I scan server ports (nmap) from the outside, TCP port 21 is open. But when I check on the server (netstat -tan or lsof -i) there is no open TCP port 21. Any ideas? To be honest I'm confused. Regards P.S.: of course I haven't started the FTP service. Even I don't
2003 Mar 26
2
VLAN Support
Hi there, can anyone point me to the docs needed to support Tagged Vlans through Shorewall. I might just be blind or my understanding of Tagged Vlans isn't good enough yet to find it. Axel
2005 Nov 10
9
[OT] Corporate Firewall
Hey, The company I work for is in the market for a new firewall. Right now we're hosting all of our own stuff (on CentOS servers) behind an old checkpoint firewall. I think Checkpoint is overkill for our needs and very expensive, plus I don't like the "per-user" charges of some commercial solutions. What do you guys suggest that we upgrade to? Here are some of the
2004 Sep 22
3
2.6 kernel ipsec and shorewall
I set up an ipsec/racoon vpn tunnel test environment. The gateway machines are 192.168.0.30 and 192.168.0.31 on the external adaptor and 10.0.1.1 and 10.0.2.1 internally. The test workstations are 10.0.1.10 and 10.0.2.10. The tunnel seems to be working as in 10.0.1.10 can talk to 10.0.2.10 and vice versa and they can both use the net via NAT, however 192.168.0.30 and 192.168.0.31 cannot directly
2005 Oct 06
4
dapptrace and firefox
/usr/sfw/bin/firefox is a shell script which calls run-mozilla.sh which calls firebox-bin. Is there a way to call dapptrace on firefox in order to trace firefox-bin? This message posted from opensolaris.org
2004 Sep 24
10
hopeless - smb over bridged firewall
Dear List! I use a shorewall 2.0.8 on a Debian sarge system. I use a DSL connection to the Internet (ppp0 - eth1 to the modem) and a bridge to the local lan. The bridged config I've made with bridge.html from the shorewall site. The Bridge is between local net and an openvpn tap device. This works. I can make tunnels, and I can make a lot of things through the firewall. I can get a list
2014 Apr 22
1
Anyone used WatchGuard SIP ALG?
Has anyone here used Asterisk inside a WatchGuard firewall, talking via the WatchGuard SIP Application Layer Gateway to an outside SIP service? I have a customer doing just that, and I am 100% convinced there is a bug in the ALG regarding the media port number it inserts into the SDP when it rewrites it. However, either they or WatchGuard will not accept there is a bug, despite my very detailed
2005 Oct 12
4
Downgrade from 3 to 2 suggestions
After considerable experimentation I'm forced to accept that Samba 3 has problems with the combination of being a domain member, the 2.6 kernel, and Dell 2850 hardware. It works fine on the 2.4 kernels but fails on all the 2.6 versions I have available for testing. I have one machine that I really prefer could stay at 2.6 so my last resort there is to try a downgrade to samba 2.X In the
1999 May 19
3
Samba and BackupExec
Hi, I've got Samba 2.0.2 and a server NT4 SP3 with Seagate BackupExec 7.0. When I want to backup Samba with Seagate BackupExec, I get a message saying "Unable to connect to server, <F5> to retry", and then another one saying "A device specific error occured". I've read all the Samba archive about that subject, but I do not find any solution. I don't
2004 Sep 01
11
IPSEC VPN clients on local network
I have problems connecting IPSEC VPN clients on the masqueraded network to outside VPN servers. It looks like this: ipsec-user | 192.168.1.10 (DHCP assigned) | | 192.168.1.1 fw-1 (shorewall, Linux 2.6) | 20.20.20.20 (internet) | 30.30.30.30 fw-2 (IPSEC VPN endpoint) | 192.168.100.1 | | 192.168.100.2 server ipsec-user (a road warrior) is supposed to create an IPSEC tunnel to his home