Re: [CentOS] Firewall frustration

2008-01-05 Thread Robert Moskowitz
Christopher Chan wrote: Now I have to hop over to the Asterisk list to figure why with one firewall the INVITE properly redirects the RTP to the RTP server, and with the other firewall this is not in the INVITE so the RTP flow does not. ARGH! I hope you are not trying to get

Re: [CentOS] Firewall frustration

2008-01-05 Thread Robert Moskowitz
Toby Bluhm wrote: Robert Moskowitz wrote: qsm wrote: maybe shorewall can make your life so easy. It does not support the rtl8150 chipset. That is what I have in the way of USB ethernet dongles. Which is another reason to go with a Centos based solution when you need to put

Re: [CentOS] Firewall frustration

2008-01-04 Thread Robert Moskowitz
Message --- From: Robert Moskowitz [EMAIL PROTECTED] To: CentOS mailing list centos@centos.org Sent: Thu, 3 Jan 2008 08:03:09 -0500 Subject: Re: [CentOS] Firewall frustration Christopher Chan wrote: I tried it. I had everything open. Then I blocked everything. Then I set up a rule

Re: [CentOS] Firewall frustration

2008-01-04 Thread Robert Moskowitz
Marko A. Jennings wrote: On Thu, January 3, 2008 8:18 am, Robert Moskowitz wrote: Steven Haigh wrote: On 03/01/2008, at 3:34 PM, Robert Moskowitz wrote: Christopher Chan wrote: I spent much of the past 24 hours trying to find out how to set up iptables for firewall

Re: [CentOS] Firewall frustration

2008-01-04 Thread Robert Moskowitz
Christopher Chan wrote: ip src/dest is used for routing decisions by the kernel. The IP state machine (check the RFC or any decent TCP/IP textbook) is really quite simple. But iptables sticks its nose into the center of that state machine and can mangle addresses to change how packets flow

Re: [CentOS] Firewall frustration

2008-01-04 Thread Christopher Chan
Over at the IEEE 802, we are voting ballots on wording that can be interpreted one way with the Webster dictionary and another with the Oxford dictionary. So I am right about iptables controlling routing and you are right about iptables NOT controlling routing, only influencing it. What does

Re: [CentOS] Firewall frustration

2008-01-04 Thread Toby Bluhm
Robert Moskowitz wrote: qsm wrote: maybe shorewall can make your life so easy. It does not support the rtl8150 chipset. That is what I have in the way of USB ethernet dongles. Which is another reason to go with a Centos based solution when you need to put something up as you go.

Re: [CentOS] Firewall frustration

2008-01-03 Thread Fajar Priyanto
On Thursday 03 January 2008 12:37:56 Christopher Chan wrote: Too bad you missed the documentation on netfilter then. It would have told you that the INPUT chain controls what comes to the box, the OUTPUT chain what originates from the box and the FORWARD chain what goes through the box. You

Re: [CentOS] Firewall frustration

2008-01-03 Thread Steven Haigh
On 03/01/2008, at 3:34 PM, Robert Moskowitz wrote: Christopher Chan wrote: I spent much of the past 24 hours trying to find out how to set up iptables for firewall routing WITHOUT NATing. Could not find anything. Eh? You just need to enable ip forwarding to enable routing. After

Re: [CentOS] Firewall frustration

2008-01-03 Thread qsm
maybe shorewall can make your life so easy. -- -- Original Message --- From: Robert Moskowitz [EMAIL PROTECTED] To: CentOS mailing list centos@centos.org Sent: Thu, 3 Jan 2008 08:03:09 -0500 Subject: Re: [CentOS] Firewall frustration Christopher Chan

Re: [CentOS] Firewall frustration

2008-01-03 Thread Marko A. Jennings
On Thu, January 3, 2008 8:18 am, Robert Moskowitz wrote: Steven Haigh wrote: On 03/01/2008, at 3:34 PM, Robert Moskowitz wrote: Christopher Chan wrote: I spent much of the past 24 hours trying to find out how to set up iptables for firewall routing WITHOUT NATing. Could not find anything.

RE: [CentOS] Firewall frustration

2008-01-03 Thread Dennis McLeod
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Marko A. Jennings Sent: Thursday, January 03, 2008 7:29 AM To: centos@centos.org Subject: Re: [CentOS] Firewall frustration On Thu, January 3, 2008 8:18 am, Robert Moskowitz wrote: Steven Haigh

Re: [CentOS] Firewall frustration

2008-01-03 Thread Christopher Chan
ip src/dest is used for routing decisions by the kernel. The IP state machine (check the RFC or any decent TCP/IP textbook) is really quite simple. But iptables sticks its nose into the center of that state machine and can mangle addresses to change how packets flow through the machine, or

Re: [CentOS] Firewall frustration

2008-01-02 Thread Christopher Chan
I spent much of the past 24 hours trying to find out how to set up iptables for firewall routing WITHOUT NATing. Could not find anything. Eh? You just need to enable ip forwarding to enable routing. After that, it is put up the firewall rules as is necessary, build the appropriate routing

Re: [CentOS] Firewall frustration

2008-01-02 Thread Robert Moskowitz
Christopher Chan wrote: I spent much of the past 24 hours trying to find out how to set up iptables for firewall routing WITHOUT NATing. Could not find anything. Eh? You just need to enable ip forwarding to enable routing. After that, it is put up the firewall rules as is necessary, build

Re: [CentOS] Firewall frustration

2008-01-02 Thread Christopher Chan
I tried it. I had everything open. Then I blocked everything. Then I set up a rule to allow SSH in to eth0 and out eth1 (and the other way). At least I thought that was what the rules said, but no SSH connectivity through the firewall. That was when I realized that I had not found the

Re: [CentOS] Firewall frustration

2008-01-01 Thread Robert Moskowitz
Mark Weaver wrote: On Mon, 31 Dec 2007 12:21:34 -0500 Robert Moskowitz [EMAIL PROTECTED] wrote: William L. Maltby wrote: On Mon, 2007-12-31 at 09:33 -0500, Robert Moskowitz wrote: Peter Farrell wrote: Problem

Re: [CentOS] Firewall frustration

2008-01-01 Thread Scott Ehrlich
On Tue, 1 Jan 2008, Robert Moskowitz wrote: Mark Weaver wrote: On Mon, 31 Dec 2007 12:21:34 -0500 Robert Moskowitz [EMAIL PROTECTED] wrote: William L. Maltby wrote: On Mon, 2007-12-31 at 09:33 -0500, Robert Moskowitz wrote: Peter Farrell

Re: [CentOS] Firewall frustration

2008-01-01 Thread Mark Weaver
On Tue, 1 Jan 2008 08:57:22 -0500 Robert Moskowitz [EMAIL PROTECTED] wrote: Have you ever thought about how rare floppy drives are now? At best you go with a bootable usb, if your notebook supports bootable USB. My Libretto does have a bootable

Re: [CentOS] Firewall frustration

2008-01-01 Thread Robert Moskowitz
Mark Weaver wrote: On Tue, 1 Jan 2008 08:57:22 -0500 Robert Moskowitz [EMAIL PROTECTED] wrote: Have you ever thought about how rare floppy drives are now? At best you go with a bootable usb, if your notebook supports bootable USB. My Libretto

Re: [CentOS] Firewall frustration

2008-01-01 Thread Robert Moskowitz
Firewall is up and running. Used Shorewall with Webmin. Les Bell wrote: Robert Spangler [EMAIL PROTECTED] wrote: While IPTABLES might be CHEAP (price) it is a very good firewall. Learn to set it up from the command line, it isn't that hard. Amen. I've been using CentOS for firewalls

Re: [CentOS] Firewall frustration

2008-01-01 Thread Steven Haigh
On 02/01/2008, at 4:11 AM, Robert Moskowitz wrote: I spent much of the past 24 hours trying to find out how to set up iptables for firewall routing WITHOUT NATing. Could not find anything. *boggle* Is it really that hard? ## Clear up whatever is in there at the moment. iptables -F INPUT

Re: [CentOS] Firewall frustration

2008-01-01 Thread jarmo
Steven Haigh wrote in a message (sent Tuesday, 1 January 2008 20:23): On 02/01/2008, at 4:11 AM, Robert Moskowitz wrote: I spent much of the past 24 hours trying to find out how to set up iptables for firewall routing WITHOUT NATing. Could not find anything. There you go.

Re: [CentOS] Firewall frustration

2008-01-01 Thread Robert Moskowitz
Thanks I will read this through a bit later. Perhaps I was making more of it than needed, but my attempts were not working. And all I was trying for at first was to allow SSH through. Steven Haigh wrote: On 02/01/2008, at 4:11 AM, Robert Moskowitz wrote: I spent much of the past 24 hours

Re: [CentOS] Firewall frustration

2007-12-31 Thread Peter Farrell
Problem is I want a REAL router/firewall with little work. Run a smoothwall installation and replace your CentOS install. http://www.smoothwall.org/ -Peter On 31/12/2007, Matt Shields [EMAIL PROTECTED] wrote: On Dec 31, 2007 12:13 AM, Robert Moskowitz [EMAIL PROTECTED] wrote: Well FWbuilder

Re: [CentOS] Firewall frustration

2007-12-31 Thread Robert Moskowitz
Matt Shields wrote: On Dec 31, 2007 12:13 AM, Robert Moskowitz [EMAIL PROTECTED] wrote: Well FWbuilder is NOT easy. The documentation does not match the current GUI. Now the box is locked up. I will have to pull it again, hook it up to a kybd/VGA and reset iptables Maybe Shoreline

Re: [CentOS] Firewall frustration

2007-12-31 Thread Robert Moskowitz
Peter Farrell wrote: Problem is I want a REAL router/firewall with little work. Run a smoothwall installation and replace your CentOS install. http://www.smoothwall.org/ well first challenge is my unit's USB ethernet dongles. Centos uses the RTL 8150 driver for them. Smoothwall only lists

Re: [CentOS] Firewall frustration

2007-12-31 Thread Robert Slade
Robert Moskowitz wrote: Peter Farrell wrote: Problem is I want a REAL router/firewall with little work. Run a smoothwall installation and replace your CentOS install. http://www.smoothwall.org/ well first challenge is my unit's USB ethernet dongles. Centos uses the RTL 8150 driver for

Re: [CentOS] Firewall frustration

2007-12-31 Thread William L. Maltby
On Mon, 2007-12-31 at 09:33 -0500, Robert Moskowitz wrote: Peter Farrell wrote: Problem is I want a REAL router/firewall with little work. Run a smoothwall installation and replace your CentOS install. http://www.smoothwall.org/ well first challenge is my unit's USB ethernet

RE: [CentOS] Firewall frustration

2007-12-31 Thread Dennis McLeod
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert Moskowitz Sent: Sunday, December 30, 2007 9:13 PM To: CentOS mailing list Subject: [CentOS] Firewall frustration Well FWbuilder is NOT easy. The documentation does not match the current

Re: [CentOS] Firewall frustration

2007-12-31 Thread Robert Spangler
On Mon December 31 2007 07:58, Robert Moskowitz wrote: Full disclosure time. My day job is with ICSAlabs. My area is security protocols research (like setting up the initial IPsec certification criteria), but when I visit the labs there are all those firewall products up and running

Re: [CentOS] Firewall frustration

2007-12-31 Thread John R Pierce
Robert Spangler wrote: While IPTABLES might be CHEAP (price) it is a very good firewall. Learn to set it up from the command line, it isn't that hard. Try the following to learn it; http://iptables.rlworkman.net/chunkyhtml/index.html Forget those GUI interfaces. one thing that bugs me

Re: [CentOS] Firewall frustration

2007-12-31 Thread Robert Moskowitz
William L. Maltby wrote: On Mon, 2007-12-31 at 09:33 -0500, Robert Moskowitz wrote: Peter Farrell wrote: Problem is I want a REAL router/firewall with little work. Run a smoothwall installation and replace your CentOS install. http://www.smoothwall.org/ well first challenge

Re: [CentOS] Firewall frustration

2007-12-31 Thread Robert Moskowitz
Dennis McLeod wrote: -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert Moskowitz Sent: Sunday, December 30, 2007 9:13 PM To: CentOS mailing list Subject: [CentOS] Firewall frustration Well FWbuilder is NOT easy. The documentation does not match

Re: [CentOS] Firewall frustration

2007-12-31 Thread Robert Moskowitz
Robert Spangler wrote: On Mon December 31 2007 07:58, Robert Moskowitz wrote: Full disclosure time. My day job is with ICSAlabs. My area is security protocols research (like setting up the initial IPsec certification criteria), but when I visit the labs there are all those firewall

Re: [CentOS] Firewall frustration

2007-12-31 Thread Matt Shields
On Dec 31, 2007 7:58 AM, Robert Moskowitz [EMAIL PROTECTED] wrote: Matt Shields wrote: On Dec 31, 2007 12:13 AM, Robert Moskowitz [EMAIL PROTECTED] wrote: Well FWbuilder is NOT easy. The documentation does not match the current GUI. Now the box is locked up. I will have to pull it

Re: [CentOS] Firewall frustration

2007-12-31 Thread Robert Moskowitz
Matt Shields wrote: On Dec 31, 2007 7:58 AM, Robert Moskowitz [EMAIL PROTECTED] wrote: Matt Shields wrote: On Dec 31, 2007 12:13 AM, Robert Moskowitz [EMAIL PROTECTED] wrote: Well FWbuilder is NOT easy. The documentation does not match the current GUI. Now the box is locked

Re: [CentOS] Firewall frustration

2007-12-31 Thread Les Bell
Robert Spangler [EMAIL PROTECTED] wrote: While IPTABLES might be CHEAP (price) it is a very good firewall. Learn to set it up from the command line, it isn't that hard. Amen. I've been using CentOS for firewalls here for a long time now, with hand-written rules. Besides, generic firewall

Re: [CentOS] Firewall frustration

2007-12-31 Thread Mark Weaver
On Mon, 31 Dec 2007 12:21:34 -0500 Robert Moskowitz [EMAIL PROTECTED] wrote: William L. Maltby wrote: On Mon, 2007-12-31 at 09:33 -0500, Robert Moskowitz wrote: Peter Farrell wrote: Problem is I want a REAL router/firewall with

RE: [CentOS] Firewall frustration

2007-12-31 Thread Mark A. Lewis
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Weaver Sent: Monday, December 31, 2007 8:09 PM To: centos@centos.org Subject: Re: [CentOS] Firewall frustration On Mon, 31 Dec 2007 12:21:34 -0500 Robert

Re: [CentOS] Firewall frustration

2007-12-31 Thread Mark Weaver
Subject: Re: [CentOS] Firewall frustration On Mon, 31 Dec 2007 12:21:34 -0500 Robert Moskowitz [EMAIL PROTECTED] wrote: William L. Maltby wrote: On Mon, 2007-12-31 at 09:33 -0500, Robert Moskowitz wrote: Peter Farrell wrote

[CentOS] Firewall frustration

2007-12-30 Thread Robert Moskowitz
Well FWbuilder is NOT easy. The documentation does not match the current GUI. Now the box is locked up. I will have to pull it again, hook it up to a kybd/VGA and reset iptables Maybe Shoreline with webmin Problem is I want a REAL router/firewall with little work. Both public and

Re: [CentOS] Firewall frustration

2007-12-30 Thread centos
On Mon, 31 Dec 2007 00:13:22 -0500 Robert Moskowitz [EMAIL PROTECTED] wrote: Well FWbuilder is NOT easy. The documentation does not match Take a look at FireStarter: http://www.fs-security.com/ It's very easy to set up and use. It's only a front-end for iptables. But watch out, it has its

Re: [CentOS] Firewall frustration

2007-12-30 Thread Matt Shields
On Dec 31, 2007 12:13 AM, Robert Moskowitz [EMAIL PROTECTED] wrote: Well FWbuilder is NOT easy. The documentation does not match the current GUI. Now the box is locked up. I will have to pull it again, hook it up to a kybd/VGA and reset iptables Maybe Shoreline with webmin