-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 06/29/2016 04:59 PM, Thomas Schneider wrote:
> sure... tarball attached.
>
Several things:
1) NONE policies are only to be used when *no* traffic is ever
expected between the SOURCE and DEST zones. That is why Rules are
not
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 06/29/2016 01:24 PM, Thomas Schneider wrote:
> Hello Tom,
>
> I have no doubts in your analysis of the dump.
>
> However, I have no idea about the right conclusions. You're
> pointing to some rules stating "no rule matches the traffic". This
>
Hello Tom,
I have no doubts in your analysis of the dump.
However, I have no idea about the right conclusions.
You're pointing to some rules stating "no rule matches the traffic".
This confirms my assumption, but I'm not sure what to configure.
These are the current rules for ping/traceroute:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 06/28/2016 12:03 AM, Thomas Schneider wrote:
> Update: I have adjusted some rules as follows: ## Permit ping
> access Ping(ACCEPT)loc,fb $FW Ping(ACCEPT)$FW
> loc,fb Ping(ACCEPT)fb loc,dmz
>
> ## Drop ping
Update:
I have adjusted some rules as follows:
## Permit ping access
Ping(ACCEPT)loc,fb $FW
Ping(ACCEPT)$FW loc,fb
Ping(ACCEPT)fb loc,dmz
## Drop ping access from net
Ping(DROP) net all
## Permit ICMP access
ACCEPT $FW
Hello!
Indeed I mean the default router for 192.168.178.0/24.
Please allow me to add this PDF that documents the architecture.
This router is limited in regards to modifications.
But I have configured a static route on this router.
To enable ICMP redirects, do I need to create related rules in
Hi Tom,
I checked configuration and reviewed rules.
For "Ping" and "ICMP" I can see these rules:
## Permit ping access
Ping(ACCEPT)loc,fb $FW
Ping(ACCEPT)$FW loc,fb
## Drop ping access from net
Ping(DROP) net all
## Permit ICMP access
ACCEPT
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 06/26/2016 07:10 AM, Tom Eastep wrote:
> On 06/26/2016 05:53 AM, Thomas Schneider wrote:
>> Hello!
>
>> Indeed I mean the default router for 192.168.178.0/24.
>> http://up.picr.de/26014890cy.jpg
>
>> This router is limited in regards to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 06/26/2016 05:53 AM, Thomas Schneider wrote:
> Hello!
>
> Indeed I mean the default router for 192.168.178.0/24.
> http://up.picr.de/26014890cy.jpg
>
> This router is limited in regards to modifications. But I have
> configured a static route
Hello!
Indeed I mean the default router for 192.168.178.0/24.
http://up.picr.de/26014890cy.jpg
This router is limited in regards to modifications.
But I have configured a static route on this router.
To enable ICMP redirects, do I need to create related rules in Shorewall
allowing this traffic?
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 06/20/2016 10:08 PM, Thomas Schneider wrote:
> Hello!
>
>
> I have the following network architecture with
>
> - 2 ISP
>
> - 1 separate router (Fritz!Box)
>
> - Shorewall running on Proxmox VE server
>
>
> I can only access clients in
Hello!
I have the following network architecture with
- 2 ISP
- 1 separate router (Fritz!Box)
- Shorewall running on Proxmox VE server
I can only access clients in subnet LAN (10.0.0.0/24) and DMZ
(10.1.0.0/24) from server 192.168.178.10 where Shorewall is running.
From any other
12 matches
Mail list logo
