Displaying 20 results from an estimated 1000 matches similar to: "FW: SMTP traffic gets blocked"
2003 Jan 06
5
SMTP traffic gets blocked
Hi,
I am trying to configure the SMTP service on DMZ host. Added the rule:
ACCEPT wan dmz:66.58.99.84 tcp pop3 -
ACCEPT wan dmz:66.58.99.84 tcp 25 -
ACCEPT dmz:66.58.99.84 wan tcp 25 -
ACCEPT dmz:66.58.99.84 wan tcp pop3 -
issued shorewall clear, shorewall restart, but still couldn''t telnet to
the mail server
2003 Jan 14
1
Two web servers on DMZ zone with private ad dresses. How to?
That log message looks like someone (or some program) is trying to browse to
moreover.com from your web server machine--it''s not a reply to an external
request. You''d see messages like that if you were running some sort of HTTP
proxy server (like Squid) on that box (although they''d likely be to multiple
IPs, unless your users only browsed to p.moreover.com). It could
2003 Jan 14
1
Two web servers on DMZ zone with private addresses. How to?
Two quick questions to the group:
Anyone seen this before:
Jan 14 02:55:45 gw1 kernel: Shorewall:all2all:REJECT:IN=eth1 OUT=eth0 SRC=66.58.99.83 DST=170.224.8.51 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=38676 DF PROTO=TCP SPT=1735 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
I mean my web server is trying to replay to some external host 170.224.8.51 (p.moreover.com) for some reason. What could be? It
2003 Jan 09
19
New on the Web Site
While I''m in temporary retirement, I''ve decided spend a little time
experimenting with new things and making some updates to the web site. The
biggest result of this effort to date has been:
http://shorewall.sf.net/Shorewall_Squid_Usage.html
This outlines how to use Squid as a transparent proxy running on the
firewall, in the DMZ or in the local network. In the latter two
2003 Jan 06
1
SMTP problem
Can someone help me with this problem:
My host on the DMZ is inaccessible from the WAN on port 25. I tried to
telnet but getting:
$ telnet 66.58.99.84 25
Trying 66.58.99.84...
telnet: Unable to connect to remote host: No route to host
My shorewall/proxyarp is:
#address interface external haveroute
66.58.99.82 eth1 eth0 No
66.58.99.84 eth1
2003 Jan 15
5
HTB. QoS and Shorewall
Group,
I am reading about tc (traffic control) and willing to get my feet wet. As requirement, there should be HTB compiled in the kernel. I grabbed a Mandrake 8.2 distro, and didn''t installed the kernel source.
Anyone knows if the HTB is compiled in Mandrake 8.2, or point a way to find that out? I tried to read the /usr/src/kernel.xxxxx/.config file, but it doesn''t exists.
2003 Aug 31
1
sane network scanning problem
Hallo,
i have a problem to configure shorewall to enable scanning over the
network with sane.
The scanner is located at the firewall hosts local interface.
Why do i get a "all2all" message and not "loc2loc"
Aug 25 14:55:26 router saned[26946]: saned from sane-backends 1.0.11 ready
Aug 25 14:55:26 router saned[26946]: check_host: access by remote host: 192.168.0.250
Aug
2004 Aug 27
3
Proxy Arp Ip Conflicts
I must have something configured wrong somewhere. I''ve enabled proxy-arp on my
shorewall 2.0.7 firewall. Works fine for what its supposed to do, I can see
all the machines through it great. However, whenever its enabled, the network
on the DMZ goes screwy. I''ve narrowed it down to this:
when proxy arp is enabled for that interface, like such:
echo 1 >
2005 May 31
2
Local machine not through firewall
Currently I have shorewal 2.2 installed om my debian 2.6.8 kernel. The firewall machine can access the internet via a ethernet modem fine. The firewall can ping the local network. The local network can ping the firewall server, see the samba files. Howeven teh local network cannot access the internet through the firewall
Any suggestions?
Rob van Overbruggen
Settings and stats:
Server:
Eth1 :
2005 May 25
9
Newbie going through a probably stupid thing
Believe me:
Read the FAQ
Checked over and over
This might be toooooo stupid to be documented.
Please bear with me. Any help ?
Situation: single card standalone "firewall" (used like a "personal
firewall"). Have sshd running on the FW. Want the sshd daemon to be
accessible only from 2 LANs:
1) My other home LAN machine
2) IBM intranet machines (9.0.0.0)
Whatever I have
2005 Jan 06
6
Nested zones? (Or soemthing?)
[192.168.0.0/24 Lan]
v
[Shorewall box ''Curtain'', 192.168.0.254, DHCP to ISP, and a OpenVPN tunnel
10.4.0.2]
v
[Internet]
v
[Shorewall box ''statler'' 130.241.25.165, and an OpenVPN tunnel 10.4.0.1]
Now, i have set a rule on statler
ACCEPT vpn $FW tcp smtp
and i have as below.
root@statler:/etc/shorewall# cat zones | grep -v ^#
net Net Internet
2003 Nov 28
1
Problem getting dcgui-qt to work through shorewall
My dcgui-qt (chat/file-sharing program) doesn''t work and I''m pretty sure it''s my firewall settings.
dcgui-qt is a direct connect (file sharing & chat) client.
According to the FAQ here
(http://dcplusplus.sourceforge.net/faq/faq.php) all I should need to do
is:
-------
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL
#
2005 Jan 11
2
dnat problem
Hi,
I have a proxy/firewall,
I want to dnat requests for 193.205.140.106 on port 443 towards
10.2.15.23 and requests for 193.205.140.106 on ports 4330 and 3389
towards 10.2.15.25, these rules must apply from internet, loc and fw
(some client use a proxy on fw to reach these servers)
I have tried with the following rules:
DNAT net dmz:10.2.15.23 tcp 443 -
2003 Oct 10
0
Problem with aliased interface
Hello!
I have a problem using shorewall on an aliased interface. Let me give
you a short description of the setup:
eth0 uses DHCP and will be assigned a 10.38.0.0/16 address by my ISP;
I use a host-route to access their PPTP on 10.0.0.138 with "pptp 10.0.0.138"
ppp0 is the Internetconnection then (duh)
At the same time I want to connect the box to my LAN using 10.1.0.0/16
or any
2005 Jan 08
8
Shorewall problem, perhaps with PPPoE
I have what strikes me as an odd problem with shorewall.
Let me describe my setup.
My desktop (alfred) is connected to the network
through an ADSL modem.
I am running rp-pppoe, and this works perfectly.
I have a small home network, with two LANs;
an Ethernet LAN (including a machine running Windows XP),
and a WiFi LAN, including the laptop (william) I am using now.
All the computers except for
2006 Feb 12
11
Local Network Can't Get Past Shorewall to the Internet
Greetings all,
I have just install Shorewall on a Debian system and
I''m using it as a firewall on an internal network.
The specifics of the system are as follows:
firewall:/var/log# shorewall version
3.0.4
firewall:/var/log# uname -a
Linux firewall 2.6.12-1-386 #1 Tue Sep 27 12:41:08 JST
2005 i586 GNU/Linux
Shorewall start successfully and $FW can connect to
the Internet for upgrading
2004 Nov 29
2
SFTP
(anonymous post) I have a simple 2 interface firewall setup and all is
good, almost. I am hosting virtual websites and DNS behind shorewall no
problem. However I am trying to use SFTP via a different port number and
have no luck even though Putty works well. Is there anything weird to
sftp and shorewall? My lab uses a different firewall (firestarter) and
it works OK.
I am using;
DNAT net
2004 Sep 21
1
squid on DMZ using proxyarp
sorry, i''m confuse where to post my problem..
i was post to shorewall-users, but must read to
support.html
this''s my problem
-----------
i have squid running on DMZ zone
and my network using ProxyARP on eth1 and eth2
mylinuxbox slackware 9.2
my network can access to internet normal, but can''t
redirect to squid server from firewall.
sometimes my network can connect
2003 Jul 30
9
occasional rejected packets
Hi,
I am getting occasional rejected packets like so:
Jul 31 09:52:03 firewall kernel: Shorewall:all2all:REJECT:IN=eth2
OUT=eth0 SRC=192.168.10.91 DST=132.147.22.6 LEN=48 TOS=0x00 PREC=0x00
TTL=127 ID=55364 DF PROTO=TCP SPT=1147 DPT=23 WINDOW=16384 RES=0x00 SYN
URGP=0
Jul 31 09:52:46 firewall kernel: Shorewall:all2all:REJECT:IN=eth2
OUT=eth0 SRC=192.168.10.26 DST=10.9.100.30 LEN=48 TOS=0x00
2003 Mar 28
9
Squid
I''m attempting to setup Squid as shown on:
http://shorewall.sourceforge.net/Shorewall_Squid_Usage.html#DMZ
The firewall is a Bering 1.0 firewall running Shorewall 1.3.11, Red Hat
7.2 on the server in the DMZ. I''m not seeing the requests come in to the
server using tcpdump. The server is 192.168.2.1 connecting to eth2 on the
firewall, the local traffic I''m trying to