similar to: Re: help with a W2K VPN client 619 error and PPTPserver

________________________________________ From: CentOS <centos-bounces at centos.org> on behalf of Valeri Galtsev <galtsev at kicp.uchicago.edu> Sent: Thursday, September 21, 2017 9:10 AM To: centos at centos.org Subject: [CentOS] prevent users from fiddling with network? Dear Experts, "this is system from the hell!" Than was my first reaction when I realized that logged in

Hello, I struggle to "translate" an old fashioned pkla file into the "new" java script like rule format. My solution works half. The creation of a color device now is allowed in an XRDP session, as expected, but some other features now are disabled. I am not able to shutdown the machine nor mount an usb device. This is the old pkla [Color Manager All Users]

I''ve got what I think is a fairly simple home network configuration with one Linux box functioning as the firewall, VPN server, DHCP server and file/print server. I am having trouble configuring both a VPN server (PopTop) and the firewall rules for a W2K PPTP VPN client. The VPN server runs on the firewall machine and the VPN client runs on a W2K machine behind the firewall. The VPN

--==========1943392778========== Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline Here''s another little patch that corrects a couple of silly mistakes. -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://shorewall.sf.net Washington USA \ teastep@shorewall.net --==========1943392778==========

It seems to me that ipsecnat tunnel type is not complete. Latest drafts of ipsec nat-traversal use udp port 4500 for nat-traversal communications. (It''s called port floating). That is needed to get rid of ugly ipsec passthru devices. Now ipsecnat opens port udp/500 from any source port. And I think ipsecnat won''t work at all with gw zone defined? I''m not sure about

And it looks like there''s a bug. I have a "firewall" with a single ethernet interface that splits into a network zone and a local zone and as a consequence I have a hosts file with the following in it: net eth0:!192.168.0.0/24 loc eth0:192.168.0.0/24 When I run shorewall start, I get an error, running in debug mode and capturing the output give me: + run_iptables -A

Hello everybody, To make all clear; I am newbee in shorewall, but... I''ve tried to connect two computers by Mandrake Connection Sharing facility. (Mandrake 9.1). Briefly, the problem is that after all that auto-configuration activities the network is completely down, just because shorewall. The result of calling `shorewall debug start` by hand is available at the end of the

Hello! I configured a pptpserver on my firewall and followed the pptp-manual from Shorewall. Login via VPN to firewall (internal ip: 192.168.10.2) is ok and I can ping this server via internal ip (and use it: add samba-shares, etc.). Unfortunately I can''t connect to other hosts in my intranet (LOC). Ping from vpn-client to clients in intranet fails, although Shorewall-Log shows an

hello , i''m currently trying to set-up Traffic Shapping with Shorewall and I have strong feelings that I found a bug. I may be mistaken, but I tried everything and can''t get it to work. I''ve turned ON TC_ENABLED=Yes and CLEAR_TC=Yes when i start shorewall ( shorewall start ), i get this message : Setting up Traffic Control Rules... TC Rule "2 eth1 0.0.0.0/0 tcp

Hello, I''m trying to setup an 8 port wan configuration (pptp+pppoe) with one vlan trunk. My internal networks are : LAN(eth9): 10.0.0.0/16 VLAN10(eth9) 10.10.0.0/24 VLAN20(eth9) 10.20.0.0/24 VLAN30(eth9) 10.30.0.0/24 VLAN100(eth9) 10.100.0.0/24 I would like to post my configuration here since i don''t success to do the following: 1. Communicate between VLANxx to LAN

Hi, after kernel upgrade to 2.4.23 my existing configuration of shorewal 1.4.8 will not start / it fail on DNAT and/or masq with message: "iptables: Invalid argument" / I founded some similar problems description - see links bellow, but there is no solution how to get work shorewall with DNAT and masq with 2.4.23 kernel. http://www.ussg.iu.edu/hypermail/linux/kernel/0312.0/0268.html

Hi guys, I''m trying to setup an IPIP tunnel between a Cisco router and a firewall running Debian GNU/Linux Sarge with Shorewall 2.0.13. I''ve read and implemented the http://shorewall.net/IPIP.htm document, but I don''t understand why there should be at the same time a "tunnel" and a "tunnels" script. Shorewall still refuses to let the

Hello I have 2 models. link.rb has_many :categories, :as => :categorized validates_presence_of :name, :url, :created_at, :category category.rb belongs_to :categorized, :polymorphic => true validates_presence_of :name Everything seems to work. I select my category from a select tag. The problem is i don''t know how to validate if category is for example empty (nothing in a

Dear list members, Masquerading does''not work for me. This is a Mandrake Linux 10 system, but I use another kernel, that included in the original distribution (original: 2.6.3, now used 2.6.8 because of a lot of suck with OpenSwan with kernels prior 2.6.4). The problem seems to be similar or identical mentioned here:

Dear Experts, "this is system from the hell!" Than was my first reaction when I realized that logged in with GUI (X11) user can turn off (and on) network interfaces. Without being in sudoers file. Wow, this is scary to see on workstations I manage centrally. Even though I did consider local user to be able to execute the command "shutdown" (which distinguished RedHat and

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 http://shorewall.net/pub/shorewall/2.0/shorewall-2.0.10 ftp://shorewall.net/pub/shorewall/2.0/shorewall-2.0.10 Nothing Earth-shattering here and there is no reason to upgrade if you are not seeing one of the corrected problems. - ----------------------------------------------------------------------- Problems corrected in version 2.0.10 1) The

Hi Tom, I nearly completed the test and installation related to http://www.shorewall.net/PPTP.htm. However, there is no serious problem when it is operated as it is in the general companies, but there is Client Program for MS-Window that is operated only by Public IP. So I am very concerned about it. I would like to use Internet through Gateway in (B) as local computers in (A) receive Public

https://bugzilla.netfilter.org/show_bug.cgi?id=619 Phil Oester <netfilter at linuxace.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED CC| |netfilter at linuxace.com Resolution|

http://bugzilla.mindrot.org/show_bug.cgi?id=619 Summary: scp permissions Product: Portable OpenSSH Version: 3.6.1p2 Platform: All OS/Version: other Status: NEW Severity: normal Priority: P2 Component: scp AssignedTo: openssh-bugs at mindrot.org ReportedBy: johnf.ct at netzero.net I hope

http://bugzilla.mindrot.org/show_bug.cgi?id=619 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |WONTFIX ------- Additional Comments From djm at mindrot.org 2004-02-10 13:37