Hi Jiří,
Jiří Červenka wrote:
Hello,
I'm running shorewall 3.0.2 on debian sarge box.
I have w2k3 box on eth1 with both public and local ip address running
FTP server.
I have set proxy arp for this host.
Now I try to drop ftp packets from one ip address in internet, but my
setup does not
Pieter Ennes wrote:
Hi Jiří,
Jiří Červenka wrote:
Hello,
I'm running shorewall 3.0.2 on debian sarge box.
I have w2k3 box on eth1 with both public and local ip address running
FTP server.
I have set proxy arp for this host.
Now I try to drop ftp packets from one ip address in
Hi,
Jiří Červenka wrote:
What about changing this to loc:[local address] instead of loc:[public
address]? Does that help?
Otherwise you could also consider the blacklisting feature.
No, this does not help. The connections from net go directly to my FTP
server public ip address to port
Hi,
Jiří Červenka wrote:
Using black list helped, replacing not. But I want to be able to control
this by rules file.
Ok, and I left my mind somewhere, the local IP didn't make sense anyhow.
policy:
#SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
loc
Tom Eastep wrote:
Michael Mansour wrote:
Hi,
I'm using shorewall 2.4.9 running on Scientific Linux 4.4 (RHEL 4 Update 4).
I'd like to start counting the bandwidth they are using, whether that be for
subnets or IP's on their dedicated servers.
Can shorewall do this? if so, how? will I
Hristo Benev wrote:
According to the document if I want to do accounting by IP and I have
/24 network I need to have 253(4) rules.
Yes -- in which case, you probably want to use another accounting method
besides Shorewall.
-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently
For those of you in the US using Comcast as your ISP, you'll know that
they now have a feature called Powerboost available in the regions they
serve. Basically, it allows people to have higher-than-rated throughput
for the first few minutes of data transfer. After those few minutes,
they're
Tom Eastep wrote:
Hristo Benev wrote:
According to the document if I want to do accounting by IP and I have
/24 network I need to have 253(4) rules.
Yes -- in which case, you probably want to use another accounting method
besides Shorewall.
-Tom
Hi,
I recently upgraded a two-interface box from 2.x to 3.2.6 on Debian
Etch, Linux 2.6.17. We run openswan on the box as well for road
warriors. I have read http://www.shorewall.net/IPSEC-2.6.html, but no
dice. I note that the link mentions raccoon, but I hope that openswan
works with this
Hristo Benev wrote:
Tom Eastep wrote:
Hristo Benev wrote:
According to the document if I want to do accounting by IP and I have
/24 network I need to have 253(4) rules.
Yes -- in which case, you probably want to use another accounting method
besides Shorewall.
Could you,
List Receiver wrote:
For those of you in the US using Comcast as your ISP, you'll know that
they now have a feature called Powerboost available in the regions they
serve. Basically, it allows people to have higher-than-rated throughput
for the first few minutes of data transfer. After those few
Antony Gelberg wrote:
This used to work with Linux 2.4. Can anybody assist? I suspect it is
to do with policy matching but I don't really know enough about the
detail to know where to go from here. I have put a dump at
http://www.wayforth.co.uk/Members/antony/shorewall_dump/.
You appear
Tom Eastep wrote:
Antony Gelberg wrote:
This used to work with Linux 2.4. Can anybody assist? I suspect it is
to do with policy matching but I don't really know enough about the
detail to know where to go from here. I have put a dump at
Antony Gelberg wrote:
Tom Eastep wrote:
Antony Gelberg wrote:
This used to work with Linux 2.4. Can anybody assist? I suspect it is
to do with policy matching but I don't really know enough about the
detail to know where to go from here. I have put a dump at
Pieter Ennes wrote:
Hi,
Jiří Červenka wrote:
Using black list helped, replacing not. But I want to be able to control
this by rules file.
Ok, and I left my mind somewhere, the local IP didn't make sense anyhow.
policy:
#SOURCE DEST POLICY
Jiří Červenka wrote:
Hello,
I'm running shorewall 3.0.2 on debian sarge box.
I have w2k3 box on eth1 with both public and local ip address running
FTP server.
I have set proxy arp for this host.
Now I try to drop ftp packets from one ip address in internet, but my
setup does not work.
Jiří Červenka wrote:
Tom Eastep wrote:
Jiří Červenka wrote:
Hello,
I'm running shorewall 3.0.2 on debian sarge box.
I have w2k3 box on eth1 with both public and local ip address running
FTP server.
I have set proxy arp for this host.
Now I try to drop ftp packets from one ip
Hi,
I can only point out one gotcha that I also ran into:
On 1/19/07, Jim Duda [EMAIL PROTECTED] wrote:
I'm having troubles with my outbound VOIP connection. I'm convinced
that I don't have QOS/traffic shaping configured properly in my
shorewall linux firewall, which serves as my Asterisk
David,
Like this ?
1 $FW 0.0.0.0/0 udp 4569
1 $FW 0.0.0.0/0 tcp 4569
1 $FW 0.0.0.0/0 udp 5060
1 $FW 0.0.0.0/0 tcp 5060
2 $FW 0.0.0.0/0 icmp echo-request
2 $FW 0.0.0.0/0 icmp echo-reply
3 $FW 0.0.0.0/0 tcp 20
3 $FW 0.0.0.0/0 tcp 21
3 $FW 0.0.0.0/0 tcp 22
4 $FW 0.0.0.0./0 all - - - !0
Jim
David
On 1/19/07, Jim Duda [EMAIL PROTECTED] wrote:
David,
Like this ?
1 $FW 0.0.0.0/0 udp 4569
1 $FW 0.0.0.0/0 tcp 4569
1 $FW 0.0.0.0/0 udp 5060
1 $FW 0.0.0.0/0 tcp 5060
2 $FW 0.0.0.0/0 icmp echo-request
2 $FW 0.0.0.0/0 icmp echo-reply
3 $FW 0.0.0.0/0 tcp 20
3 $FW 0.0.0.0/0 tcp 21
3 $FW
Hi
What is the best choice in shorewall for limiting DoS possibilities?
Thanks bye
22 matches