Re: [Efw-user] 2.4.1 Port forwarding on RED multi-IP broken
That sounds like a good idea. The backup configs may have caused the issue. When changing Minor versions, programs will be updated, sometimes a major update as well. So that sounds like a good place to start hunting. Daniel Moree Systems Analyst [re]defining ready 300 East College Avenue | Hartsville, SC 29550 phone: (843) 383-8186 | help desk: (843) 383-8323 Become a Fan! - http://www.facebook.com/cokercollege http://www.coker.edu | http://support.coker.edu On 02/10/2011 07:47 PM, Max Veprinsky wrote: Daniel, Thank you for the reply. I also selected the NAT to listen on both RED IP's and still no dice. After installing 2.4.1, I restored from a backup I had made prior running 2.3.0 I will also try removing all RED interfaces and and setting up RED from scratch. -- Max On Thu, Feb 10, 2011 at 7:00 AM, Daniel Moree mailto:dmo...@coker.edu>> wrote: I would say double check your NAT setup and ensure that it is setup to work with your second IP address. Not sure why it would stop in 2.4.1, but I'll look into it in the next day or so with a few virtual machines. Daniel Moree Systems Analyst [re]defining ready 300 East College Avenue | Hartsville, SC 29550 phone: (843) 383-8186 | help desk: (843) 383-8323 Become a Fan! - http://www.facebook.com/cokercollege http://www.coker.edu | http://support.coker.edu On 02/09/2011 06:13 PM, Max Veprinsky wrote: Hello, To RED interface I have 2 IP addresses bound, both are on the same subnet. Port forwarding (destination NAT) with the second IP address is no longer working with 2.4.1. This was working with 2.3.0 Port forwarding however is working fine when using the primary IP on RED. I can see in that traffic is coming in on endian with tcpdump, but it's not making past the firewall. Please advise Regards, -- Max Confidentiality Note The information contained in this email message is being transmitted to and is intended only for the use of the individual named above. If the reader of this message is not the intended recipient, you are hereby advised that any dissemination, distribution or copy of this email is strictly prohibited. If you have received this email in error, please immediately notify us by telephone or email and delete this email message. -- The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: Pinpoint memory and threading errors before they happen. Find and fix more than 250 security defects in the development cycle. Locate bottlenecks in serial and parallel code that limit performance. http://p.sf.net/sfu/intel-dev2devfeb ___ Efw-user mailing list Efw-user@lists.sourceforge.net<mailto:Efw-user@lists.sourceforge.net> https://lists.sourceforge.net/lists/listinfo/efw-user Confidentiality Note The information contained in this email message is being transmitted to and is intended only for the use of the individual named above. If the reader of this message is not the intended recipient, you are hereby advised that any dissemination, distribution or copy of this email is strictly prohibited. If you have received this email in error, please immediately notify us by telephone or email and delete this email message. -- The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: Pinpoint memory and threading errors before they happen. Find and fix more than 250 security defects in the development cycle. Locate bottlenecks in serial and parallel code that limit performance. http://p.sf.net/sfu/intel-dev2devfeb___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
Re: [Efw-user] 2.4.1 Port forwarding on RED multi-IP broken
I would say double check your NAT setup and ensure that it is setup to work with your second IP address. Not sure why it would stop in 2.4.1, but I'll look into it in the next day or so with a few virtual machines. Daniel Moree Systems Analyst [re]defining ready 300 East College Avenue | Hartsville, SC 29550 phone: (843) 383-8186 | help desk: (843) 383-8323 Become a Fan! - http://www.facebook.com/cokercollege http://www.coker.edu | http://support.coker.edu On 02/09/2011 06:13 PM, Max Veprinsky wrote: > Hello, > > To RED interface I have 2 IP addresses bound, both are on the same > subnet. Port forwarding (destination NAT) with the second IP address > is no longer working with 2.4.1. This was working with 2.3.0 > > Port forwarding however is working fine when using the primary IP on > RED. I can see in that traffic is coming in on endian with tcpdump, > but it's not making past the firewall. > > Please advise > Regards, > -- Max Confidentiality Note The information contained in this email message is being transmitted to and is intended only for the use of the individual named above. If the reader of this message is not the intended recipient, you are hereby advised that any dissemination, distribution or copy of this email is strictly prohibited. If you have received this email in error, please immediately notify us by telephone or email and delete this email message. -- The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: Pinpoint memory and threading errors before they happen. Find and fix more than 250 security defects in the development cycle. Locate bottlenecks in serial and parallel code that limit performance. http://p.sf.net/sfu/intel-dev2devfeb ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
Re: [Efw-user] Multiple Interfaces on Green - EFW 2.4.1
I have not done this on EFW, but I have done it on my linux firewall systems I've built. So long as the two Green NICS have differing IP addresses, you should be able to ping them both. Try giving both eth0 and eth2 different IPs on the same subnet. Then turn off eth2. Ping eth0. Then flip and turn off eth0. Ping eth2. If both can be ping separately with differing IPs on the same subnet, it should work fine. You should then be able to turn both on and ping either IP. Though I should note that the route it will take will be that of going to the default route IP first normally. If the default route IP is that of eth0, then your traffic may go to eth0 then to eth2 then back. Do a few tests as I've stated above and let me know how it goes. I'll be happy to help you further if it still isn't working. Daniel Moree Systems Analyst [re]defining ready 300 East College Avenue | Hartsville, SC 29550 phone: (843) 383-8186 | help desk: (843) 383-8323 Become a Fan! - http://www.facebook.com/cokercollege http://www.coker.edu | http://support.coker.edu On 02/10/2011 12:33 AM, CoryC wrote: > Been using EFW on small networks for years and looking into using it to > replace a couple of Cisco PIX 515E firewalls that are currently linked via > VPN on a larger 100 user network. I'm not overly familiar with Cisco and want > something more easily manageable. > > Using a vmware environment to test if EFW can meet the requirements before > investing in hardware. I need to be able to setup 4 different zones with VPN > links between some of the zones. I am trying to setup two different subnets > on Green using two different NICs. > > Needless to say it's not working so I'm reducing to a basic config with 3 > nics: 2 green (eth0& eth2) w/ 1 IP& 1 red (eth1) w/ 1 IP. I have an XP VM > that can ping the green IP when it is attached to the same virtual switch as > eth0 but can not ping the green IP when it attached to the same virtual > switch as eth2. > > If I remove eth0 from the green zone then the VM can ping the green IP from > the eth2 switch. As soon as I re-add eth0 to the green zone I'm no longer > able to ping the green IP via the eth2 switch but can the eth0 switch. > > Next step will be to take a computer, a laptop,& a crossover cable for my > testing but before I do I wanted to know if anybody else had tried this yet > on 2.4.1 and confirmed that it worked right. > > > -- > The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: > Pinpoint memory and threading errors before they happen. > Find and fix more than 250 security defects in the development cycle. > Locate bottlenecks in serial and parallel code that limit performance. > http://p.sf.net/sfu/intel-dev2devfeb > ___ > Efw-user mailing list > Efw-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/efw-user Confidentiality Note The information contained in this email message is being transmitted to and is intended only for the use of the individual named above. If the reader of this message is not the intended recipient, you are hereby advised that any dissemination, distribution or copy of this email is strictly prohibited. If you have received this email in error, please immediately notify us by telephone or email and delete this email message. -- The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: Pinpoint memory and threading errors before they happen. Find and fix more than 250 security defects in the development cycle. Locate bottlenecks in serial and parallel code that limit performance. http://p.sf.net/sfu/intel-dev2devfeb ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
Re: [Efw-user] Port 3131
Well, I'm working on hacking the 2.4 version to work on my server. Once I get it up and running, today hopefully, I'll look into that port and get an answer for you. Daniel Moree Systems Analyst [re]defining ready 300 East College Avenue | Hartsville, SC 29550 phone: (843) 383-8186 | help desk: (843) 383-8323 Become a Fan! - http://www.facebook.com/cokercollege http://www.coker.edu | http://support.coker.edu On 02/03/2011 11:10 AM, Matt Hayes wrote: > On 2/3/2011 11:00 AM, Daniel Moree wrote: >> It may be the update port. I'll look into it further for ya. Sorry, just >> joined this list a few days ago. >> >> Daniel Moree >> Systems Analyst >> >> [re]defining ready >> 300 East College Avenue | Hartsville, SC 29550 >> phone: (843) 383-8186 | help desk: (843) 383-8323 >> >> Become a Fan! - http://www.facebook.com/cokercollege >> http://www.coker.edu | http://support.coker.edu >> >> >> On 02/03/2011 10:02 AM, Matt Hayes wrote: >>> On 1/31/2011 11:59 AM, Matt Hayes wrote: >>>> Noticed this port in the firewall logs. Lots of connects to it from >>>> 127.0.0.1 (Endian firewall itself). >>>> >>>> What in the heck is this? More of a curious question than anything.. >>>> its listening on a port.. only on localhost, but connecting to itself. >>>>Just odd. >>>> >>>> >>>> Thanks, >>>> >>>> Matt >>> So, does this list even get looked at anymore? :) >>> >>> -Matt >>> > > No its fine! Just wanted to make sure my messages were getting through. > > That port is odd.. and I do think it is the update port, but it must be > something new in the 2.4.x series as I don't recall seeing it in 2.2 and > couldn't find documentation on it. > > -Matt > > -- > Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! > Finally, a world-class log management solution at an even better price-free! > Download using promo code Free_Logger_4_Dev2Dev. Offer expires > February 28th, so secure your free ArcSight Logger TODAY! > http://p.sf.net/sfu/arcsight-sfd2d > ___ > Efw-user mailing list > Efw-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/efw-user Confidentiality Note The information contained in this email message is being transmitted to and is intended only for the use of the individual named above. If the reader of this message is not the intended recipient, you are hereby advised that any dissemination, distribution or copy of this email is strictly prohibited. If you have received this email in error, please immediately notify us by telephone or email and delete this email message. -- Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! Finally, a world-class log management solution at an even better price-free! Download using promo code Free_Logger_4_Dev2Dev. Offer expires February 28th, so secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsight-sfd2d ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
Re: [Efw-user] EFW: 2.4.1 VPN Tunnel (openVPN)
This could be done, but you need to specify by IP the VPN destination. So, rather than me connecting to google.com as my VPN host I would connect to 74.125.157.147 for one tunnel and 74.125.157.148 for the other. Hypothetically. Daniel Moree Systems Analyst [re]defining ready 300 East College Avenue | Hartsville, SC 29550 phone: (843) 383-8186 | help desk: (843) 383-8323 Become a Fan! - http://www.facebook.com/cokercollege http://www.coker.edu | http://support.coker.edu On 02/02/2011 09:31 PM, Andres Gonzalez wrote: > Hello, I have 2 DSL connections and I wonder if it's possible to setup > 2 VPN (openVPN) tunnels against the same destination but one tunnel on > each DSL connection or EFW will use the "default" connection ? > Else, If I had 2 LAN (green) I can choose the origin by tunnel ? > > Thanks. > Regards. > > > > > -- > AGD Confidentiality Note The information contained in this email message is being transmitted to and is intended only for the use of the individual named above. If the reader of this message is not the intended recipient, you are hereby advised that any dissemination, distribution or copy of this email is strictly prohibited. If you have received this email in error, please immediately notify us by telephone or email and delete this email message. -- Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! Finally, a world-class log management solution at an even better price-free! Download using promo code Free_Logger_4_Dev2Dev. Offer expires February 28th, so secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsight-sfd2d ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
Re: [Efw-user] Port 3131
It may be the update port. I'll look into it further for ya. Sorry, just joined this list a few days ago. Daniel Moree Systems Analyst [re]defining ready 300 East College Avenue | Hartsville, SC 29550 phone: (843) 383-8186 | help desk: (843) 383-8323 Become a Fan! - http://www.facebook.com/cokercollege http://www.coker.edu | http://support.coker.edu On 02/03/2011 10:02 AM, Matt Hayes wrote: > On 1/31/2011 11:59 AM, Matt Hayes wrote: >> Noticed this port in the firewall logs. Lots of connects to it from >> 127.0.0.1 (Endian firewall itself). >> >> What in the heck is this? More of a curious question than anything.. >> its listening on a port.. only on localhost, but connecting to itself. >> Just odd. >> >> >> Thanks, >> >> Matt > > So, does this list even get looked at anymore? :) > > -Matt > > -- > Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! > Finally, a world-class log management solution at an even better price-free! > Download using promo code Free_Logger_4_Dev2Dev. Offer expires > February 28th, so secure your free ArcSight Logger TODAY! > http://p.sf.net/sfu/arcsight-sfd2d > ___ > Efw-user mailing list > Efw-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/efw-user Confidentiality Note The information contained in this email message is being transmitted to and is intended only for the use of the individual named above. If the reader of this message is not the intended recipient, you are hereby advised that any dissemination, distribution or copy of this email is strictly prohibited. If you have received this email in error, please immediately notify us by telephone or email and delete this email message. -- Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! Finally, a world-class log management solution at an even better price-free! Download using promo code Free_Logger_4_Dev2Dev. Offer expires February 28th, so secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsight-sfd2d ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
[Efw-user] Endian 2.3 on HP DL360 G6
I hacked this once when we were testing the demo and got it working fine. But now that we have paid for it they have given us a new setup to run and install. Problem is that I can't get it hacked again. Don't remember what I did before and now that I've paid for it, I'm getting no help from Endian. Anyone have any pointers on how to install it on the GL360 G6? -- Daniel Moree Systems Analyst [re]defining ready 300 East College Avenue | Hartsville, SC 29550 phone: (843) 383-8186 | help desk: (843) 383-8323 Become a Fan! - http://www.facebook.com/cokercollege http://www.coker.edu | http://support.coker.edu Confidentiality Note The information contained in this email message is being transmitted to and is intended only for the use of the individual named above. If the reader of this message is not the intended recipient, you are hereby advised that any dissemination, distribution or copy of this email is strictly prohibited. If you have received this email in error, please immediately notify us by telephone or email and delete this email message. -- Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! Finally, a world-class log management solution at an even better price-free! Download using promo code Free_Logger_4_Dev2Dev. Offer expires February 28th, so secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsight-sfd2d ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user