Re: [Efw-user] Problems updating snort
It worked for me last night also, however I have it installed on RED, GREEN and ORANGE and they all worked On 10/23/07, woodrowbone <[EMAIL PROTECTED]> wrote: > > > Thx 2 Peter and everyone else in here. :handshake: > I can also confirm that the update works if you disable green and then > update the red only, > Looking forward to the next release Peter. :jumping: > > Woodrow > > > wharfratjoe wrote: > > > > its working now for "registered users" rules. I disabled SNORT on the > > green network on both versions and updates are working now. It worked > > before, not sure if the 2.3 rules not being available anymore like > others > > stated has to do with green network rules. > > > > I also made NO changes to any scripts on the Endian firewalls to force > 2.4 > > rules to replace the 2.3 rules. > > > > also like peter mentioned, do not try to update multiple times within (i > > think the same hour), they may block for this type of behavior on the > > SNORT servers themselves. > > > > hope this helps > > > > > > wharfratjoe wrote: > >> > >> Same here with snort is not updating. same MD5 error > >> > >> I also tested snort on an older version of Endian and it is not > updating > >> on it as well: > >> > >> Linux fw.domain.int 2.6.9-34.0.1.EL.endian14 #1 Thu May 25 21:56:03 EDT > >> 2006 i686 i686 i386 GNU/Linux > >> > >> > >> > >> > >> > >> Joseph L. Casale wrote: > >>> > >>> Exact scenario occurred for me as well. > >>> > >>> -Original Message- > >>> From: [EMAIL PROTECTED] > >>> [mailto:[EMAIL PROTECTED] On Behalf Of > woodrowbone > >>> Sent: October-16-07 3:55 AM > >>> To: efw-user@lists.sourceforge.net > >>> Subject: Re: [Efw-user] Problems updating snort > >>> > >>> > >>> Could some more people verify that this is the case on more Endian > 2.1.2 > >>> installs or just a fluke? > >>> I did test on another installation with the same results. > >>> Snort or Endian prob? > >>> > >>> Woodrow > >>> > >>> > >>> Tom-225 wrote: > > Hello Woodrow, > > I am had exactly the same problem yesterday night and found no > solution > for > it. > > Has anybody a solution for this? > > Greetings > tomakos > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:efw-user- > > [EMAIL PROTECTED] On Behalf Of woodrowbone > > Sent: Sonntag, 14. Oktober 2007 00:25 > > To: efw-user@lists.sourceforge.net > > Subject: [Efw-user] Problems updating snort > > > > > > Hi guys! > > All of a sudden I get these messages when trying to update the IDS > > (snort) > > First this mess: Invalid MD5Sum. > > Then this: Access refused with this oinkcode > > I did try to make a new account at snort with a new oinkcode but no > go > > >-( > > > > Anyone knows why:confused: > > > > Woodrow > > -- > > View this message in context: > http://www.nabble.com/Problems-updating- > > snort-tf4619676.html#a13193578 > > Sent from the efw-user mailing list archive at Nabble.com. > > > > > > > - > > This SF.net email is sponsored by: Splunk Inc. > > Still grepping through log files to find problems? Stop. > > Now Search log events and configuration files using AJAX and a > > browser. > > Download your FREE copy of Splunk now >> http://get.splunk.com/ > > ___ > > Efw-user mailing list > > Efw-user@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/efw-user > > > > - > This SF.net email is sponsored by: Splunk Inc. > Still grepping through log files to find problems? Stop. > Now Search log events and configuration files using AJAX and a > browser. > Download your FREE copy of Splunk now >> http://get.splunk.com/ > ___ > Efw-user mailing list > Efw-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/efw-user > > > >>> > >>> -- > >>> View this message in context: > >>> http://www.nabble.com/Problems-updating-snort-tf4619676.html#a13229993 > >>> Sent from the efw-user mailing list archive at Nabble.com. > >>> > >>> > >>> > - > >>> This SF.net email is sponsored by: Splunk Inc. > >>> Still grepping through log files to find problems? Stop. > >>> Now Search log events and configuration files using AJAX and a > browser. > >>> Download your FREE copy of Splunk now >> http://get.splunk.com/ > >>> ___ > >>> Efw-user mailing list > >>> Efw-user@lists.sourceforge.net > >>> https://lists.sourceforge.net/lists/listinfo/efw-user > >>> > >>> > ---
Re: [Efw-user] Problems updating snort
Thx 2 Peter and everyone else in here. :handshake: I can also confirm that the update works if you disable green and then update the red only, Looking forward to the next release Peter. :jumping: Woodrow wharfratjoe wrote: > > its working now for "registered users" rules. I disabled SNORT on the > green network on both versions and updates are working now. It worked > before, not sure if the 2.3 rules not being available anymore like others > stated has to do with green network rules. > > I also made NO changes to any scripts on the Endian firewalls to force 2.4 > rules to replace the 2.3 rules. > > also like peter mentioned, do not try to update multiple times within (i > think the same hour), they may block for this type of behavior on the > SNORT servers themselves. > > hope this helps > > > wharfratjoe wrote: >> >> Same here with snort is not updating. same MD5 error >> >> I also tested snort on an older version of Endian and it is not updating >> on it as well: >> >> Linux fw.domain.int 2.6.9-34.0.1.EL.endian14 #1 Thu May 25 21:56:03 EDT >> 2006 i686 i686 i386 GNU/Linux >> >> >> >> >> >> Joseph L. Casale wrote: >>> >>> Exact scenario occurred for me as well. >>> >>> -Original Message- >>> From: [EMAIL PROTECTED] >>> [mailto:[EMAIL PROTECTED] On Behalf Of woodrowbone >>> Sent: October-16-07 3:55 AM >>> To: efw-user@lists.sourceforge.net >>> Subject: Re: [Efw-user] Problems updating snort >>> >>> >>> Could some more people verify that this is the case on more Endian 2.1.2 >>> installs or just a fluke? >>> I did test on another installation with the same results. >>> Snort or Endian prob? >>> >>> Woodrow >>> >>> >>> Tom-225 wrote: Hello Woodrow, I am had exactly the same problem yesterday night and found no solution for it. Has anybody a solution for this? Greetings tomakos > -Original Message- > From: [EMAIL PROTECTED] [mailto:efw-user- > [EMAIL PROTECTED] On Behalf Of woodrowbone > Sent: Sonntag, 14. Oktober 2007 00:25 > To: efw-user@lists.sourceforge.net > Subject: [Efw-user] Problems updating snort > > > Hi guys! > All of a sudden I get these messages when trying to update the IDS > (snort) > First this mess: Invalid MD5Sum. > Then this: Access refused with this oinkcode > I did try to make a new account at snort with a new oinkcode but no go > >-( > > Anyone knows why:confused: > > Woodrow > -- > View this message in context: http://www.nabble.com/Problems-updating- > snort-tf4619676.html#a13193578 > Sent from the efw-user mailing list archive at Nabble.com. > > > - > This SF.net email is sponsored by: Splunk Inc. > Still grepping through log files to find problems? Stop. > Now Search log events and configuration files using AJAX and a > browser. > Download your FREE copy of Splunk now >> http://get.splunk.com/ > ___ > Efw-user mailing list > Efw-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/efw-user - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user >>> >>> -- >>> View this message in context: >>> http://www.nabble.com/Problems-updating-snort-tf4619676.html#a13229993 >>> Sent from the efw-user mailing list archive at Nabble.com. >>> >>> >>> - >>> This SF.net email is sponsored by: Splunk Inc. >>> Still grepping through log files to find problems? Stop. >>> Now Search log events and configuration files using AJAX and a browser. >>> Download your FREE copy of Splunk now >> http://get.splunk.com/ >>> ___ >>> Efw-user mailing list >>> Efw-user@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/efw-user >>> >>> - >>> This SF.net email is sponsored by: Splunk Inc. >>> Still grepping through log files to find problems? Stop. >>> Now Search log events and configuration files using AJAX and a browser. >>> Download your FREE copy of Splunk now >> http://get.splunk.com/ >>> ___ >>> Efw-user mailing list >>> Efw-user@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/efw-user >>> >>
Re: [Efw-user] Problems updating snort
its working now for "registered users" rules. I disabled SNORT on the green network on both versions and updates are working now. It worked before, not sure if the 2.3 rules not being available anymore like others stated has to do with green network rules. I also made NO changes to any scripts on the Endian firewalls to force 2.4 rules to replace the 2.3 rules. also like peter mentioned, do not try to update multiple times within (i think the same hour), they may block for this type of behavior on the SNORT servers themselves. hope this helps wharfratjoe wrote: > > Same here with snort is not updating. same MD5 error > > I also tested snort on an older version of Endian and it is not updating > on it as well: > > Linux fw.domain.int 2.6.9-34.0.1.EL.endian14 #1 Thu May 25 21:56:03 EDT > 2006 i686 i686 i386 GNU/Linux > > > > > > Joseph L. Casale wrote: >> >> Exact scenario occurred for me as well. >> >> -Original Message- >> From: [EMAIL PROTECTED] >> [mailto:[EMAIL PROTECTED] On Behalf Of woodrowbone >> Sent: October-16-07 3:55 AM >> To: efw-user@lists.sourceforge.net >> Subject: Re: [Efw-user] Problems updating snort >> >> >> Could some more people verify that this is the case on more Endian 2.1.2 >> installs or just a fluke? >> I did test on another installation with the same results. >> Snort or Endian prob? >> >> Woodrow >> >> >> Tom-225 wrote: >>> >>> Hello Woodrow, >>> >>> I am had exactly the same problem yesterday night and found no solution >>> for >>> it. >>> >>> Has anybody a solution for this? >>> >>> Greetings >>> tomakos >>> -Original Message- From: [EMAIL PROTECTED] [mailto:efw-user- [EMAIL PROTECTED] On Behalf Of woodrowbone Sent: Sonntag, 14. Oktober 2007 00:25 To: efw-user@lists.sourceforge.net Subject: [Efw-user] Problems updating snort Hi guys! All of a sudden I get these messages when trying to update the IDS (snort) First this mess: Invalid MD5Sum. Then this: Access refused with this oinkcode I did try to make a new account at snort with a new oinkcode but no go >-( Anyone knows why:confused: Woodrow -- View this message in context: http://www.nabble.com/Problems-updating- snort-tf4619676.html#a13193578 Sent from the efw-user mailing list archive at Nabble.com. - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user >>> >>> >>> - >>> This SF.net email is sponsored by: Splunk Inc. >>> Still grepping through log files to find problems? Stop. >>> Now Search log events and configuration files using AJAX and a browser. >>> Download your FREE copy of Splunk now >> http://get.splunk.com/ >>> ___ >>> Efw-user mailing list >>> Efw-user@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/efw-user >>> >>> >> >> -- >> View this message in context: >> http://www.nabble.com/Problems-updating-snort-tf4619676.html#a13229993 >> Sent from the efw-user mailing list archive at Nabble.com. >> >> >> - >> This SF.net email is sponsored by: Splunk Inc. >> Still grepping through log files to find problems? Stop. >> Now Search log events and configuration files using AJAX and a browser. >> Download your FREE copy of Splunk now >> http://get.splunk.com/ >> ___ >> Efw-user mailing list >> Efw-user@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/efw-user >> >> - >> This SF.net email is sponsored by: Splunk Inc. >> Still grepping through log files to find problems? Stop. >> Now Search log events and configuration files using AJAX and a browser. >> Download your FREE copy of Splunk now >> http://get.splunk.com/ >> ___ >> Efw-user mailing list >> Efw-user@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/efw-user >> >> > > -- View this message in context: http://www.nabble.com/Problems-updating-snort-tf4619676.html#a13368819 Sent from the efw-user mailing list archive at Nabble.com. - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and config
Re: [Efw-user] Back to the content filter...
I would set each client to use DHCP. That way, you won't have any mis-configured clients. At least try it with one client and see what happens... Of course you'll need to enable the DHCP service for this. It's no problem that the router on the red can't be denated. I use this setup all the time for some customers. By the way, I have many customers that use simple natted routers as their only firewall, and dont have problems. Although most routers dont provide the control that efw does... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stephane Parenton Sent: Tuesday, October 23, 2007 10:11 AM To: efw-user@lists.sourceforge.net Subject: Re: [Efw-user] Back to the content filter... compdoc a écrit : > Is there another router on the lan? Maybe the clients arent going thru the efw? > > Open a dos window on a client, and type: ipconfig /all > > Is the gateway IP the same as the IP of the green nic? > > Whats the dns server ip thats listed? Are the clients using DHCP? > > The config is the following There is a red/green config. The red is DHCP and gets DNS from a modem/router that cannot be denated and does not provide a REAL Firewall. So EFW is here and the green provides another nated network (double nat from internet to the PCs). The gateway IP is the same as the green IP for every PCs. The clients are not using DHCP, tey're all with fixed Adress, and the DNS points to the green IP. As far as I know, they can only go through the firewall The PCs are connected to a switch that is connected to the FW that is connected to the modem/router (only one cable... )... I cannot see anything wrong there... so far... Stephane - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
Re: [Efw-user] Green, Orange and Read - Content filter/proxy issue...
on 10/23/2007 8:23 AM Tom Bishop spake the following: > Yes it is nat'd and port forward to the red side, I can access from the > outside, just not from the inside green domain. I haven't tried to > access it by the external IP, I'll give that a try. > > > Is there not a way to turn off the proxy for that specific host? > I am still in the shakedown stages of testing Endian, so in general it should be possible. It might just be safer to access by the red address unless you are trying to do some sort of split hosting to show different content to the inside than the outside. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
Re: [Efw-user] Back to the content filter...
compdoc a écrit : > Is there another router on the lan? Maybe the clients aren’t going thru the > efw? > > Open a dos window on a client, and type: ipconfig /all > > Is the gateway IP the same as the IP of the green nic? > > Whats the dns server ip that’s listed? Are the clients using DHCP? > > The config is the following There is a red/green config. The red is DHCP and gets DNS from a modem/router that cannot be denated and does not provide a REAL Firewall. So EFW is here and the green provides another nated network (double nat from internet to the PCs). The gateway IP is the same as the green IP for every PCs. The clients are not using DHCP, tey're all with fixed Adress, and the DNS points to the green IP. As far as I know, they can only go through the firewall The PCs are connected to a switch that is connected to the FW that is connected to the modem/router (only one cable... )... I cannot see anything wrong there... so far... Stephane - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
Re: [Efw-user] Back to the content filter...
Is there another router on the lan? Maybe the clients arent going thru the efw? Open a dos window on a client, and type: ipconfig /all Is the gateway IP the same as the IP of the green nic? Whats the dns server ip thats listed? Are the clients using DHCP? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stephane Parenton Sent: Tuesday, October 23, 2007 9:35 AM To: efw-user@lists.sourceforge.net Subject: Re: [Efw-user] Back to the content filter... Stephane Parenton a écrit : > compdoc a écrit : > >> I dont think there is a link between the two. >> >> And the content filter does work. I have two customers who keep their employees >> off those websites that are most likely to infect your computer with some virus. >> >> >> In fact, it works too well - the wrong word on the news page of sites like >> msn.com or yahoo.com will prevent them from opening, so you have to place them >> in the whitelist. >> >> It works thru the Advanced Web Proxy, which unless the proxy address is set up >> in IE, will not be used by default. Setting it to 'transparent on Green' will >> solve all that without you having to change IE's settings on all the clients. >> And of course Contentfilter is enabled there as well. >> >> On the Content filter page, I set it up like this for businesses: >> >> Max score: 300, PICS enabled >> Block Pages with categories: (all you decide) >> Block pages known to have content: (all you decide) >> Black and white lists: (as needed) >> >> If you've set this, and it still isnt working, try rebooting the efw. >> >> >> > Hi, > > I actuallay lower the score to 50, in order to be fully catched by the > content filter, pics is enabled, nearly every page categories were > selected in the test as well as the content pages... Regarding the black > list, i've only entered the selected site to be tested I will reboot > the FW (as i will see the customer on friday) and tell wether it's ok or > not... > > If've rebooted the server, restarted the proxy, but nothing more... At home i have a EFW 2.1. I have enabled the content filter, and when i try to go to www.grosseins.com (blacklisted), i have the page "access denied", so everything is OK... At my customer's, I enabled content filter on a 2.1.2 install, and have alltogether nearly every bad words prono and games selected AND only one site blacklisted : www.grosseins.com... And I can access the site freely... i have noticed today that they have changed their front page !!! I have restarted the FW, have save/restarted the proxy... nothing should be wrong... except that the proxy/content filter does not filter... Apart from re-installing EFW, what should i look at in order to solve the problem ? Stephane - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
Re: [Efw-user] Back to the content filter...
Stephane Parenton a écrit : > compdoc a écrit : > >> I don’t think there is a link between the two. >> >> And the content filter does work. I have two customers who keep their >> employees >> off those websites that are most likely to infect your computer with some >> virus. >> >> >> In fact, it works too well - the wrong word on the news page of sites like >> msn.com or yahoo.com will prevent them from opening, so you have to place >> them >> in the whitelist. >> >> It works thru the Advanced Web Proxy, which unless the proxy address is set >> up >> in IE, will not be used by default. Setting it to 'transparent on Green' will >> solve all that without you having to change IE's settings on all the clients. >> And of course Contentfilter is enabled there as well. >> >> On the Content filter page, I set it up like this for businesses: >> >> Max score: 300, PICS enabled >> Block Pages with categories: (all you decide) >> Block pages known to have content: (all you decide) >> Black and white lists: (as needed) >> >> If you've set this, and it still isn’t working, try rebooting the efw. >> >> >> > Hi, > > I actuallay lower the score to 50, in order to be fully catched by the > content filter, pics is enabled, nearly every page categories were > selected in the test as well as the content pages... Regarding the black > list, i've only entered the selected site to be tested I will reboot > the FW (as i will see the customer on friday) and tell wether it's ok or > not... > > If've rebooted the server, restarted the proxy, but nothing more... At home i have a EFW 2.1. I have enabled the content filter, and when i try to go to www.grosseins.com (blacklisted), i have the page "access denied", so everything is OK... At my customer's, I enabled content filter on a 2.1.2 install, and have alltogether nearly every bad words prono and games selected AND only one site blacklisted : www.grosseins.com... And I can access the site freely... i have noticed today that they have changed their front page !!! I have restarted the FW, have save/restarted the proxy... nothing should be wrong... except that the proxy/content filter does not filter... Apart from re-installing EFW, what should i look at in order to solve the problem ? Stephane - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
Re: [Efw-user] Green, Orange and Read - Content filter/proxy issue...
Yes it is nat'd and port forward to the red side, I can access from the outside, just not from the inside green domain. I haven't tried to access it by the external IP, I'll give that a try. Is there not a way to turn off the proxy for that specific host? On 10/23/07, Scott Silva <[EMAIL PROTECTED]> wrote: > > on 10/23/2007 5:50 AM Tom Bishop spake the following: > > OK, weel I appear to have a proxy/content filter issue that I can't seem > > to find a solution to. I have pc's behind the green interface a www > > server behind the orange interface and of course the internet out of the > > red. The green segment is on a 10.x.x.x/24 segment and the orange is on > > a 172.x.x.x/24 segment. I have full dns resolution, meaning that I run > > a DNS server on the inside green segment and can reach the www server > > using its name and do not use hosts files. The problem lies when I turn > > on transparnet proxy for the green segment, when I enable this I cannot > > reach the www server on the orange segment, either by name or ip address > > ( 172.x.x.x). So i saw that in the NAC section I can add subnets source > > and destination to turn off the proxy so I did that and it started > > working again, but then discovered when I did this my content filters > > stopped working to the internet. So, does anyone have any ideas how I > > can enable proxy+content filter and still have access to my orange www > > server? Thanks. > > > Is your webserver also natted or portforwarded to the red side? > If so, try and access it by that address and see if you can reach it. > > -- > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't > > > - > This SF.net email is sponsored by: Splunk Inc. > Still grepping through log files to find problems? Stop. > Now Search log events and configuration files using AJAX and a browser. > Download your FREE copy of Splunk now >> http://get.splunk.com/ > ___ > Efw-user mailing list > Efw-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/efw-user > - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
Re: [Efw-user] Green, Orange and Read - Content filter/proxy issue...
on 10/23/2007 5:50 AM Tom Bishop spake the following: > OK, weel I appear to have a proxy/content filter issue that I can't seem > to find a solution to. I have pc's behind the green interface a www > server behind the orange interface and of course the internet out of the > red. The green segment is on a 10.x.x.x/24 segment and the orange is on > a 172.x.x.x/24 segment. I have full dns resolution, meaning that I run > a DNS server on the inside green segment and can reach the www server > using its name and do not use hosts files. The problem lies when I turn > on transparnet proxy for the green segment, when I enable this I cannot > reach the www server on the orange segment, either by name or ip address > ( 172.x.x.x). So i saw that in the NAC section I can add subnets source > and destination to turn off the proxy so I did that and it started > working again, but then discovered when I did this my content filters > stopped working to the internet. So, does anyone have any ideas how I > can enable proxy+content filter and still have access to my orange www > server? Thanks. > Is your webserver also natted or portforwarded to the red side? If so, try and access it by that address and see if you can reach it. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
[Efw-user] Green, Orange and Read - Content filter/proxy issue...
OK, weel I appear to have a proxy/content filter issue that I can't seem to find a solution to. I have pc's behind the green interface a www server behind the orange interface and of course the internet out of the red. The green segment is on a 10.x.x.x/24 segment and the orange is on a 172.x.x.x/24 segment. I have full dns resolution, meaning that I run a DNS server on the inside green segment and can reach the www server using its name and do not use hosts files. The problem lies when I turn on transparnet proxy for the green segment, when I enable this I cannot reach the www server on the orange segment, either by name or ip address (172.x.x.x). So i saw that in the NAC section I can add subnets source and destination to turn off the proxy so I did that and it started working again, but then discovered when I did this my content filters stopped working to the internet. So, does anyone have any ideas how I can enable proxy+content filter and still have access to my orange www server? Thanks. - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
[Efw-user] SMTP proxy and Smarthost question
I was looking at implementing the SMTP proxy use the smarthost option... but what i am unclear on whether or not i have to configure my internal email server to use my ISP SMTP server for out going email, or would Endian do that automatically for me.. please advise. -- With Jah Jah Anything is Possible - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
