Re: [Shorewall-users] First experience (next)

2015-09-16 Thread Ob Noxious
On Wed, Sep 16, 2015 at 7:51 PM, Tom Eastep wrote: I've been running containers for three years now and have never had to > place the bridge in promiscuous mode to give the containers full > internet access. > I would like that too but currently, I can't figure a way to achieve this. > I can o

Re: [Shorewall-users] Shorewall module Sip

2015-09-16 Thread Lee Brown
Tom is right, You will need something like an Ingate SIParator which is a box that inspects and re-writes the packets as it forwards (SIP is designed for a LAN). We had to purchase one of these to connect a node on our commercial ShoreTel system to

Re: [Shorewall-users] Shorewall module Sip

2015-09-16 Thread Tom Eastep
On 09/16/2015 03:21 PM, ricky gutierrez wrote: > 2015-09-03 16:05 GMT-06:00 Tom Eastep : >> >> Please forward the output of 'shorewall dump' collected as described at >> http://www.shorewall.org/support.htm#Guidelines. >> >> Thanks, >> -Tom >> -- > > Hi tom , look http://pastebin.com/s0GGpQa0 >

Re: [Shorewall-users] Shorewall module Sip

2015-09-16 Thread ricky gutierrez
2015-09-03 16:05 GMT-06:00 Tom Eastep : > > Please forward the output of 'shorewall dump' collected as described at > http://www.shorewall.org/support.htm#Guidelines. > > Thanks, > -Tom > -- Hi tom , look http://pastebin.com/s0GGpQa0 ---

Re: [Shorewall-users] MACLIST option and dhcp server

2015-09-16 Thread Tom Eastep
On 09/16/2015 01:06 AM, Davide Marini wrote: > Hi Tom, > what I am try to tell is: > > if I'm using maclist option for binding ip and mac address with > MACLIST_DISPOSITION=DROP (or reject) every packet towards the firewall > is blocked. > I can use the dhcop option on the interfaces file to mak

Re: [Shorewall-users] First experience (next)

2015-09-16 Thread Tom Eastep
On 09/15/2015 03:42 PM, Ob Noxious wrote: > On Tue, Sep 15, 2015 at 6:00 PM, Tom Eastep > wrote: > > > Maybe I'm missing something but how can I expect the LXC containers to > > reach any OTHER host other than the one the containers are running on? > > >

Re: [Shorewall-users] MACLIST option and dhcp server

2015-09-16 Thread Davide Marini
Hi Tom, what I am try to tell is: if I'm using maclist option for binding ip and mac address with MACLIST_DISPOSITION=DROP (or reject) every packet towards the firewall is blocked. I can use the dhcop option on the interfaces file to make the dhcp working but if I have other services I have to