similar to: local clients cannot access internal server

Displaying 20 results from an estimated 300 matches similar to: "local clients cannot access internal server"

2004 Jan 21
3
FW: DNAT and masq problem with kernel 2.4.23
Hi, after kernel upgrade to 2.4.23 my existing configuration of shorewal 1.4.8 will not start / it fail on DNAT and/or masq with message: "iptables: Invalid argument" / I founded some similar problems description - see links bellow, but there is no solution how to get work shorewall with DNAT and masq with 2.4.23 kernel. http://www.ussg.iu.edu/hypermail/linux/kernel/0312.0/0268.html
2005 Mar 02
3
duplicated dnat entries
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello all, im using shorewall 2.2.1 on a CentOS 4, im newbie with shorewall, just testing it i created a dnat rule like this #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ # PORT PORT(S) DEST LIMIT
2005 Jan 10
3
REDIRECT + shorewall drop for dynamic blacklists
Hi, I have seen this come up in a couple of threads, but nothing recent. I was wondering a couple of things and was hoping someone could clarify. I have an existing working shorewall configuration (Details at end of post). >From within this config, I have a few ports redirected for use with portsentry (like the mini-howto directs forbidden port accesses to port 49999). This works
2005 Jun 22
0
Issue migrating from 1.4.6c to 2.4.0 with all zone in DNAT rule
Hi all, net : internet zone dmz : DMZ zone Lan : local network zone in 1.4.6c this rule : DNAT all lan:10.0.0.1 tcp http - 192.0.0.1 does generate the following iptables rules in nat table : Chain OUTPOUT DNAT tcp -- 0.0.0.0/0 192.0.0.1 tcp dpt:http to:10.0.0.1 Chain net_dnat DNAT tcp -- 0.0.0.0/0 192.0.0.1 tcp dpt:http to:10.0.0.1 Chain dmz_dnat
2004 Sep 22
3
Strange DNAT problems with shorewall 1.4.8
I''ve had some issues with my network, and I''ve had to reconfigure my Gibraltar CD. It runs shorewall 1.4.8, and I have a 2-interface setup, so I downloaded the relevant files from the install page. Masq and such works, but I''m having a problem with my port forwarding. It works for port 22, but it doesn''t seem to work for any other port. I''ve turned
2006 Oct 26
1
Saprouter forwarding from shorewall firewall to an internal saprouter server
Hi guys, i have a 2-interfaces nic cards Shorewall 3.0.x Firewall. I need to allow access to an internal saprouter server from internet. When i try a connection from the sapgui from a workstation on Internet i get a connection time-out on port 3299 by the saprouter My shorewall interfaces configuration is: ZONE INTERFACE BROADCAST OPTIONS loc eth3 detect
2004 Sep 23
0
two internet connections don''t appear to be masqing
I have a script for dual internet connections that does this: ------------------------- #!/bin/bash IF1=eth1 IP1=203.219.190.106 P1=203.219.190.105 P1_NET=203.219.190.104 IF2=eth2 IP2=220.245.224.46 P2=220.245.224.45 P2_NET=220.245.224.44 IF0=eth0 P0_net=192.168.0.0 TABLE1=inet1 TABLE2=inet2 ip route add $P1_NET dev $IF1 src $IP1 table $TABLE1 ip route add default via $P1 table $TABLE1 ip
2005 Mar 31
1
can''t use shorewall in a UML-Session
Hi folks, sorry for my bad english, but I am not a native speaker. I want to setup a virtual firewall-host in a UML-Session. I''m using Kernel 2.4.27-um1 and shorewall 2.2.2-2 from Debian sarge. I have 4 nic''s in my System: eth0 -> localnet 0 eth1 -> localnet 1 eth2 -> wlan eth3 -> DSL/ppp0 I''m using four bridges br0,br1,br2,br3. The UML firewall host is
2005 Jul 28
3
Routing for multiple uplinks/providers problem.
Been running this for quite a while and noticed that have intermittent problems getting out. Find that if I ping the same site from 2 computers it may work on one and fail on the other. Also was surprised that some time they are going out different interfaces at the same time. Seems to work all the time from the firewall. Running 2.6.10 kernel with the multipath routing patches on a debian
2005 Jan 02
1
Linksys router and shorewall
I''m not a subscribed user, so please cc me on any replies (fier0@bigfoot.com). I know this has been asked a few times, but i have not been able to find a direct answer. I was using shorewall with 2 nics, and it worked fine, except if that linux box went down then nobody could get out to the internet (and the wife would kick my ass). I''ve now started to use my linksys
2004 Nov 25
12
simple dual Internet connection setup not sending return packets on correct interface
I have a very simple setup exactly as described in the HOWTO section " 4.2. Routing for multiple uplinks/providers". One is cable (eth1: dhcp) and the other is PPPoE (ppp0). I used the following commands to configure the routing once all of my interfaces are up and i have configured SNATing for them: ip route add 66.11.173.0/24 dev ppp0 src 66.11.173.224 table 11 ip route add default
2012 Sep 05
2
DNAT issue
Hi, Sorry, not an experienced shorewall user, this is my first basic setup. This starts to drive me crazy. I wanted to use DNAT to forward port 33890 to an internal machine (windows) port 3389. To reach my workstation when I''m not home. In my rules : DNAT:debug net loc:192.168.0.11:3389 tcp 33890 - pub.lic.ip.add #SECTION BLACKLIST #well known port scans DROP net
2005 Jan 20
1
Can I pass PPTP packets thru 2 firewalls?
Is it possible to pass PPTP packets through 2 firewalls before they hit the remote access server? I installed a Netgear ProSafe VPN firewall as the first line of defense in my network. I have since set up a Fedora Core 2 server running Shorewall 2.1.3 and Squid in non-transparent mode, between the Netgear unit and my network. So, the Netgear faces the Internet with a public, static, IP address.
2004 Sep 07
1
Problem with DNAT
Hi I have this configuration: eth0 Link encap:Ethernet HWaddr 00:C0:F0:54:DC:1E inet addr:10.10.10.166 Bcast:10.10.10.167 Mask:255.255.255.248 inet6 addr: fe80::2c0:f0ff:fe54:dc1e/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:1738708 errors:0 dropped:0 overruns:0 frame:0 TX packets:1538724 errors:0 dropped:0
2004 Sep 07
1
Problem with DNAT 3 IP''s two NIC
Thanks Tom Sorry, I was wrong, this is the correct question... I have this configuration: | Email Server 192.168.0.253 | ___|___ Port 25 SMTP ___|____ ____ | LAN |-------------------------------------Eth1
2004 Sep 29
10
DNAT + Masq Problem - Yes I read the FAQ I promise
I have a debian woody machine acting as a firewall for a small network. I am trying to do a simple DNAT to port 80 on the protected webserver and masquerade all traffic from the protect subnet outbound. After having read the FAQ and various posts regarding problems with DNAT I''m afraid I''m no closer to a solution. Based on the output from "shorewall show nat" I
2005 Jan 11
1
Squid and DMZ (ProxyARP)
Hello All, I have a question about setting up the shorewall firewall for squid, I followed the instructions on "Using Shorewall with Squid" --> "Squid Running in the DMZ" section. For some reason I am unable to get the program to work. I am able to have the squid work properly by using squidclient program, but once I setup the firewall to use the redirect I am unable to
2004 Sep 29
0
Re: Shorewall-users Digest, Vol 22, Issue 65
Hi I have 2nic firewall . I had to open some ranges of udp and tcp ports . I faced a problem that although all the ports are open Some functionality was not working . Any body used shorewall with H323 Voip traffic DNATed . Any help is appretiated . Thanks ----- Original Message ----- From: <shorewall-users-request@lists.shorewall.net> To: <shorewall-users@lists.shorewall.net> Sent:
2012 Sep 27
3
vsFTP and shorewall
Dear all, Dear support and users: Sorry to trouble you! I configure the shorewall firewall to forward ftp and ssh port to another server, but failed. Can you help me check? I cannot login both SSH 2222 and ftp! Below is my environment: (attachment is shorewall dump) 1. Gateway (FC6) 1.1) eth0: lan static IP: 192.168.1.20 1.2) eth1: external public static IP:
2004 Aug 19
4
MASQUERADE problem again...
Dear list members, Masquerading does''not work for me. This is a Mandrake Linux 10 system, but I use another kernel, that included in the original distribution (original: 2.6.3, now used 2.6.8 because of a lot of suck with OpenSwan with kernels prior 2.6.4). The problem seems to be similar or identical mentioned here: