Re: [Shorewall-users] /31 Network on Firewall

2020-01-30 Thread Ryan Joiner
On 1/23/20 2:03 PM, Tom Eastep wrote: On 1/23/20 11:38 AM, Tom Eastep wrote: On 1/23/20 10:53 AM, Eero Volotinen wrote: https://www.google.fi/amp/s/blog.cloudtrooper.net/2017/09/19/setting-up-31-interfaces-and-bgp-on-a-centos-machine/amp/ it should work. follow the guide. I suspect that th

[Shorewall-users] /31 Network on Firewall

2020-01-22 Thread Ryan Joiner
Hello, We have been given a /31 IP schema from an ISP which I have never had to do before, I've always had /30 or /29 subnets handed to us from ISP. Anyone know if Centos 7 and Shorewall can handle this? Here is basically the information given to us by the ISP. I'm assuming /31 is basically a p

Re: [Shorewall-users] GeoIP on CentOS 7

2019-03-05 Thread Ryan Joiner
On 3/4/2019 11:55 PM, Matt Darfeuille wrote: On 3/5/2019 6:28 AM, Ryan Joiner wrote: On 3/4/2019 8:55 PM, Ryan Joiner wrote: On 3/4/2019 7:41 PM, Ryan Joiner wrote: Hello there, I see a bunch of documentation on getting shorewall to work with GeoIP on Debian but I'm not finding much on R

Re: [Shorewall-users] GeoIP on CentOS 7

2019-03-04 Thread Ryan Joiner
On 3/4/2019 8:55 PM, Ryan Joiner wrote: On 3/4/2019 7:41 PM, Ryan Joiner wrote: Hello there, I see a bunch of documentation on getting shorewall to work with GeoIP on Debian but I'm not finding much on Redhat. I'm wondering if there are .rpm packages available for CentOS 7? Or if th

Re: [Shorewall-users] GeoIP on CentOS 7

2019-03-04 Thread Ryan Joiner
On 3/4/2019 7:41 PM, Ryan Joiner wrote: Hello there, I see a bunch of documentation on getting shorewall to work with GeoIP on Debian but I'm not finding much on Redhat. I'm wondering if there are .rpm packages available for CentOS 7? Or if there is any good how to out there that you

[Shorewall-users] GeoIP on CentOS 7

2019-03-04 Thread Ryan Joiner
Hello there, I see a bunch of documentation on getting shorewall to work with GeoIP on Debian but I'm not finding much on Redhat. I'm wondering if there are .rpm packages available for CentOS 7? Or if there is any good how to out there that you have used and worked well? Thanks! -RyRy

Re: [Shorewall-users] The end of the road...

2019-02-20 Thread Ryan Joiner
Tom Eastep wrote: >I am now in my mid 70s and have spent almost 50 years in tech-related >industries. More than three years ago, I retired from my position at Hewlett >Packard Enterprise, and while I >have continued to develop and support >Shorewall, I feel that it is now time to say goodbye.

Re: [Shorewall-users] Asterisk/SIP stops working...

2017-06-20 Thread Ryan Joiner
Le 20/06/2017 à 01:48, Ryan Joiner a écrit : On 6/19/2017 1:57 PM, Ian Jones wrote: I am becoming more convinced that this is a nat issue, since I have installed Asterisk on the firewall itself, and it seems to run normally with no issues when restarting. The feedback from the Asterisk

Re: [Shorewall-users] Asterisk/SIP stops working...

2017-06-19 Thread Ryan Joiner
Hello, I am posting a dump file. Regards Ian -- Ian, Looking at your original email, I don’t do SIP(DNAT), I just do DNAT. (I’m not sure what that does. Good call on disabling the helpers, I use Shorewall on CentOS and have always needed to disable the helper

Re: [Shorewall-users] Asterisk/SIP stops working...

2017-06-19 Thread Ryan Joiner
On 6/19/2017 1:57 PM, Ian Jones wrote: I am becoming more convinced that this is a nat issue, since I have installed Asterisk on the firewall itself, and it seems to run normally with no issues when restarting. The feedback from the Asterisk peer support site was that: Asterisk is sending O

Re: [Shorewall-users] Weird NAT issue

2017-03-21 Thread Ryan Joiner
me bug to do with the MAC address of my server? I have a > cron job to update the OS every night, so possibly a rogue update? > > Original message > From: Ryan Joiner > Date: 22/3/17 1:59 am (GMT+10:00) > To: Shorewall Users > Subject: Re: [Shorewall-users] We

Re: [Shorewall-users] Weird NAT issue

2017-03-21 Thread Ryan Joiner
On 3/20/2017 3:47 PM, kadham1 wrote: > I totally missed that, eth0 is my external/wan interface on the router, > but it is VLANed to stop any communication with it unless going through > the router. > > Crazy! Somehow packets are arriving on that interface and thus.. it ain't gonna work... :) -

Re: [Shorewall-users] Weird NAT issue

2017-03-20 Thread Ryan Joiner
On 3/20/2017 9:38 AM, kadham1 wrote: > No it doesn't unfortunately, but that being said it is on the same VLAN > as all machines on 192.168.0.0/24 so if that was the case then none of > the machines would be working > > > > Sent from my SAMSUNG Galaxy S7 on the Telstra Mobile Network > > O

Re: [Shorewall-users] Can't Figure Out What I'm Doing Wrong

2017-03-16 Thread Ryan Joiner
On 3/16/2017 2:09 AM, Adam Cécile wrote: > Hey, > > Can you make sure you have set IP_FORWARDING=Yes in shorewall.conf ? > > Adam > > On March 16, 2017 6:23:22 AM GMT+01:00, Ryan Joiner > wrote: > > On 3/15/2017 10:02 PM, Simon Matter wrote: > >

Re: [Shorewall-users] Can't Figure Out What I'm Doing Wrong

2017-03-15 Thread Ryan Joiner
On 3/15/2017 10:02 PM, Simon Matter wrote: >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA256 >> >> On 03/15/2017 06:28 PM, Ryan Joiner wrote: >>> Ahh, I do see that and that would definitely be a problem. >>> >>> What's odd though is

Re: [Shorewall-users] Can't Figure Out What I'm Doing Wrong

2017-03-15 Thread Ryan Joiner
's an issue with the CentOS RPM or I'm just a moron. The latter has a higher probability. :0 Thanks, Ryan On 3/15/2017 5:57 PM, Les Niles wrote: The masq table has the source subnet 92.168.0.0/16. Shouldn't that be 192.168.0.0/16? -Les On Mar 15, 2017, at 5:24 P

[Shorewall-users] Can't Figure Out What I'm Doing Wrong

2017-03-15 Thread Ryan Joiner
Hello, I'm doing the most simple firewall setup on CentOS 6 using Shorewall 5.1.2.4-1. It is two cards, eth0 and eth1. I'm using the two-interface sample file for snat and it seems like snat is not working. The firewall has open access to the internet and that is working fine, just PC's behin

Re: [Shorewall-users] Adding WiFi DMZ for Guest "pass through" only. How to make sure I avoid the rest of my LAN?

2017-03-11 Thread Ryan Joiner
> -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > On 03/11/2017 08:56 AM, darrin.tho...@123mail.org wrote: >> I'm working on my 1st shorewall setup. >> >> It's running on a 2 ethernet interface box, with a VPN connection >> too. >> >> Reading the copious docs I got all that working \o/ >> >>

Re: [Shorewall-users] Moving to CentOS7 - Disabling nf_nat_sip and nf_conntrack_sip

2016-11-04 Thread Ryan Joiner
>> >> >>>>> -BEGIN PGP SIGNED MESSAGE- >>>>> Hash: SHA256 >>>>> >>>>> On 10/28/2016 12:11 PM, Ryan Joiner wrote: >>>>> >>>>>> What would be the command to disable them for CentOS7?

Re: [Shorewall-users] Moving to CentOS7 - Disabling nf_nat_sip and nf_conntrack_sip

2016-11-04 Thread Ryan Joiner
>>> -BEGIN PGP SIGNED MESSAGE- >>> Hash: SHA256 >>> >>> On 10/28/2016 12:11 PM, Ryan Joiner wrote: >>> >>>> What would be the command to disable them for CentOS7? I have >>>> searched a bunch but couldn't find

Re: [Shorewall-users] Moving to CentOS7 - Disabling nf_nat_sip and nf_conntrack_sip

2016-11-03 Thread Ryan Joiner
> -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > On 10/28/2016 12:11 PM, Ryan Joiner wrote: > >> What would be the command to disable them for CentOS7? I have >> searched a bunch but couldn't find anything. > a) rmmod nf_nat_sip > rmmod nf_con

Re: [Shorewall-users] NFTables on the roadmap?

2016-11-03 Thread Ryan Joiner
Original Message Subject: Re: [Shorewall-users] NFTables on the roadmap? From: Lee Brown To: Shorewall Users Date: 11/3/16, 6:21 PM On Mon, Oct 31, 2016 at 11:27 AM, Tom Eastep > wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256

Re: [Shorewall-users] Moving to CentOS7 - Disabling nf_nat_sip and nf_conntrack_sip

2016-10-28 Thread Ryan Joiner
On 10/28/2016 10:01 AM, Tom Eastep wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > On 10/27/2016 10:14 PM, Ryan Joiner wrote: >> Hello, I provide SIP trunking to a bunch of my customers and I also >> mainly have them use shorewall. I have been using CentO

[Shorewall-users] Moving to CentOS7 - Disabling nf_nat_sip and nf_conntrack_sip

2016-10-27 Thread Ryan Joiner
Hello, I provide SIP trunking to a bunch of my customers and I also mainly have them use shorewall. I have been using CentOS 6 for some time and disabling the nf_nat_sip and nf_conntrack_sip modules have always helped with SIP trunking. In fact, it has been a requirement for SIP trunking to w

[Shorewall-users] Disable SIP Helpers in CentOS 5.9

2015-11-02 Thread Ryan Joiner
Hello - I run Centos 6 on many firewalls and am able to turn off the SIP helpers by running rmmod nf_nat_sip rmmod nf_conntrack_sip I have a firewall running CentOS 5.9 and Shorewall 4.6.13.2-1. In CentOS5, I'm unable to run /sbin/rmmod nf_nat_sip because it says ERROR: Module does not exist. Is

Re: [Shorewall-users] Multiple IP's on EM1 interface - Traffic to go out a specific IP for fw only

2014-02-27 Thread Ryan Joiner
On 2/27/2014 11:55 AM, Ryan Joiner wrote: > -Original Message- > From: Ryan Joiner [mailto:ry...@idatasys.com] > Sent: Tuesday, February 25, 2014 8:54 AM > To: Shorewall Users > Subject: [Shorewall-users] Multiple IP's on EM1 interface - Traffic to > go out a

Re: [Shorewall-users] Multiple IP's on EM1 interface - Traffic to go out a specific IP for fw only

2014-02-27 Thread Ryan Joiner
-Original Message- From: Ryan Joiner [mailto:ry...@idatasys.com] Sent: Tuesday, February 25, 2014 8:54 AM To: Shorewall Users Subject: [Shorewall-users] Multiple IP's on EM1 interface - Traffic to go out a specific IP for fw only Hello, I have a firewall running CentOS6 and Shor

[Shorewall-users] Multiple IP's on EM1 interface - Traffic to go out a specific IP for fw only

2014-02-25 Thread Ryan Joiner
Hello, I have a firewall running CentOS6 and Shorewall 4.5.4-1. We have an IP block 67.235.132.0/28 that the ISP has given us and our internet network is 192.168.11.0/24. Right now we are able to masq all the traffic in the 192.168.11.0/24 network and use the 67.235.132.1 IP and that works gre

Re: [Shorewall-users] Sharewall won't start

2013-03-24 Thread Ryan Joiner
> On Sun, Mar 24, 2013 at 12:02:59AM -0700, Ryan Joiner wrote: >> Hey guys, I just installed Shorewall shorewall-4.5.14.0-1.el6.noarch >> from RPM on CentOS 6. When I start shorewall, I get this message: >> >> Starting shorewall: Can't locate Digest/SHA.pm in

[Shorewall-users] Sharewall won't start

2013-03-24 Thread Ryan Joiner
Hey guys, I just installed Shorewall shorewall-4.5.14.0-1.el6.noarch from RPM on CentOS 6. When I start shorewall, I get this message: Starting shorewall: Can't locate Digest/SHA.pm in @INC (@INC contains: /usr/libexec/shorewall /usr/share/perl5/vendor_perl /usr/local/lib/perl5 /usr/local/shar

[Shorewall-users] http redirect

2012-10-30 Thread Ryan Joiner
Hello, I have this line in my rules REDIRECT loc3128 tcp www I would like to redirect all www traffic to port 3128 for transparent proxy except for when going to this IP 68.153.22.125 What would that line need to look like in my rules file? Thanks

Re: [Shorewall-users] Problem With OpenVPN Connectivity

2011-07-31 Thread Ryan Joiner
On 7/30/2011 5:01 AM, Simon Matter wrote: >> >> This thread on OpenVPN has made me wonder if I have this setup correctly. >> (I'm not exactly a shorewall-noobie, >> but I find much of the shorewall talk difficult to follow.) >> >> I have a VPN zone: >> -- >> vpn

Re: [Shorewall-users] Problem With OpenVPN Connectivity

2011-07-28 Thread Ryan Joiner
Tom. You are the man. I just joined this list a couple of weeks and have been following everything. Thanks for your help to the world. Das, you are the man. Don't give up. I think you are right, you keep just those policies with the tunnel config. You take away the access to the net via th

Re: [Shorewall-users] Problem With OpenVPN Connectivity

2011-07-28 Thread Ryan Joiner
Oh yeah, it is actual IP you connect to. openvpnclientnet68.123.45.213 (I just made that ip up. :) ) On 7/28/2011 6:38 PM, Das wrote: Hi, Ok so this? openvpnclientnet So if I make the tunnels like above, to the actual IP and then I make the policy like below: # Block this machine