Thanks Matt and Roberto - I'll try the systemctl commands next time I go
into school (not until next week now). And it looks like I somehow
didn't install shorewall-init at home - not sure why.
Regards - Philip
On 25/01/2017 17:30, Matt Darfeuille wrote:
> On 1/25/2017 6:06 PM, Philip Le Riche
On 01/25/2017 11:29 AM, Robert K Coffman Jr. -Info From Data Corp. wrote:
>> seem to be a way for me to push up a route to the server
>
> That doesn't seem to be desirable behavior - any client could
> effectively DOS the box. The admin of the
On Wednesday, January 25, 2017 2:36:23 PM MST Robert K Coffman Jr. -Info From
Data Corp. wrote:
> > tun0 VPN_NET
>
> Your source would be your local LAN, and I believe you want to
> masquerade the traffic through tun0 if that is the tunnel you are using:
>
> tun0 eth1 (or some variation
On Wednesday, January 25, 2017 2:29:09 PM MST Robert K Coffman Jr. -Info From
Data Corp. wrote:
> > seem to be a way for me to push up a route to the server
>
> That doesn't seem to be desirable behavior - any client could
> effectively DOS the box. The admin of the server needs to make that
> tun0 VPN_NET
Your source would be your local LAN, and I believe you want to
masquerade the traffic through tun0 if that is the tunnel you are using:
tun0 eth1 (or some variation that defines your local LAN)
- Bob
> seem to be a way for me to push up a route to the server
That doesn't seem to be desirable behavior - any client could
effectively DOS the box. The admin of the server needs to make that change.
- Bob
On Wednesday, January 25, 2017 12:08:36 PM MST Thomas Fjellstrom wrote:
> On Wednesday, January 25, 2017 10:17:47 AM MST Tom Eastep wrote:
> > On 01/25/2017 10:01 AM, Thomas Fjellstrom wrote:
> > > On Wednesday, January 25, 2017 12:31:22 PM MST Roberto C. Sánchez
> > >
> > > wrote:
> > >> On Wed,
On Wednesday, January 25, 2017 10:17:47 AM MST Tom Eastep wrote:
> On 01/25/2017 10:01 AM, Thomas Fjellstrom wrote:
> > On Wednesday, January 25, 2017 12:31:22 PM MST Roberto C. Sánchez
> >
> > wrote:
> >> On Wed, Jan 25, 2017 at 09:56:13AM -0700, Thomas Fjellstrom
> >>
> >> wrote:
> >>> I'm
On 01/25/2017 10:01 AM, Thomas Fjellstrom wrote:
> On Wednesday, January 25, 2017 12:31:22 PM MST Roberto C. Sánchez
> wrote:
>> On Wed, Jan 25, 2017 at 09:56:13AM -0700, Thomas Fjellstrom
>> wrote:
>>> I'm basically getting what I had before:
>>>
On Wednesday, January 25, 2017 12:31:22 PM MST Roberto C. Sánchez wrote:
> On Wed, Jan 25, 2017 at 09:56:13AM -0700, Thomas Fjellstrom wrote:
> > I'm basically getting what I had before:
> >
> > lan# ping VPNINTHOST
> >
> > fw# tcpdump -i eth0 host VPNGW
> > 09:46:47.60 IP MYIP.57800 >
On Wed, Jan 25, 2017 at 09:56:13AM -0700, Thomas Fjellstrom wrote:
>
> I'm basically getting what I had before:
>
> lan# ping VPNINTHOST
>
> fw# tcpdump -i eth0 host VPNGW
> 09:46:47.60 IP MYIP.57800 > 149.56.251.50.openvpn: UDP, length 85
> 09:46:48.646222 IP MYIP.57800 >
On 1/25/2017 6:06 PM, Philip Le Riche wrote:
>
> I've checked that STARTUP_ENABLED=Yes is still in my shorewall.conf, and
> though I'm not familiar with systemd, I've checked that
> shorewall.service in /lib/systemd/system is the same between home and
> school setups. However, at school I also
On Wed, Jan 25, 2017 at 05:06:38PM +, Philip Le Riche wrote:
> I got my Shorewall installation (defending a school network from a
> Raspberry Pi farm, with 3rd unfiltered Internet connection) working at
> home on an equivalent network though with different network addresses,
> and
I got my Shorewall installation (defending a school network from a
Raspberry Pi farm, with 3rd unfiltered Internet connection) working at
home on an equivalent network though with different network addresses,
and transferred the config files to school. After correcting a couple of
really stoopid
On Wednesday, January 25, 2017 9:18:11 AM MST Thomas Fjellstrom wrote:
> On Wednesday, January 25, 2017 10:54:23 AM MST Roberto C. Sánchez wrote:
> > On Wed, Jan 25, 2017 at 08:23:07AM -0700, Thomas Fjellstrom wrote:
> > > Hi.
> > >
> > > I'm having a minor problem setting up shorewall to
On Wed, Jan 25, 2017 at 08:23:07AM -0700, Thomas Fjellstrom wrote:
> Hi.
>
> I'm having a minor problem setting up shorewall to properly route and allow
> openvpn traffic through my firewall.
>
> I'd like the openvpn client to be running on the firewall, and allow local
> machines to connect
On Wednesday, January 25, 2017 10:59:43 AM MST Robert K Coffman Jr. -Info From
Data Corp. wrote:
> > So far I have traffic that is getting sent out my public connection to the
> > openvpn server, but nothing comes back according to `tcpdump -i extIF host
> > VPNGATEWAY`. Nothing shows up in the
On Wednesday, January 25, 2017 10:54:23 AM MST Roberto C. Sánchez wrote:
> On Wed, Jan 25, 2017 at 08:23:07AM -0700, Thomas Fjellstrom wrote:
> > Hi.
> >
> > I'm having a minor problem setting up shorewall to properly route and
> > allow
> > openvpn traffic through my firewall.
> >
> > I'd like
> So far I have traffic that is getting sent out my public connection to the
> openvpn server, but nothing comes back according to `tcpdump -i extIF host
> VPNGATEWAY`. Nothing shows up in the logs stating traffic has been blocked.
> policy is set up to log on the final DROP and REJECT rules.
Hi.
I'm having a minor problem setting up shorewall to properly route and allow
openvpn traffic through my firewall.
I'd like the openvpn client to be running on the firewall, and allow local
machines to connect to and communicate with the private subnet on the other
side of the vpn, but not
On Wed, Jan 25, 2017 at 1:50 AM, Tom Eastep wrote:
> On 01/24/2017 03:40 AM, Raphael Bauduin wrote:
> > Hi,
> >
> > I'm running shorewall 5.0.14.1 on centos 7.3.1611, and I have
> > enabled docker in shorewall.conf:
> >