On 05/26/2014 09:54 PM, Paolo wrote:
>
> Hi list
>
> I usually install shorewall to stand-alone servers or into servers
> that act non only, but also as gateway for other boxes.
> If I install a dedicated box as firewall, usually I consider dedicated
> distro like IpCop, PFSense, ZeroShell, .
Paolo Andretta wrote:
> The advantage of a dedicated firewall distro is that it is usually
> hardened and that there are tools that can be very useful when you need
> to solve some problem (traffic/system/... graphs, useful add-on, ...).
As the saying goes, it's 6 of one, half a dozen of the o
On Mon, 26 May 2014, Roberto C. Sánchez wrote:
>> I usually install shorewall to stand-alone servers or into servers
>> that act non only, but also as gateway for other boxes.
>> If I install a dedicated box as firewall, usually I consider dedicated
>> distro like IpCop, PFSense, ZeroShell, .
I also use debian stable along with shorewall and depending of the
requirements some additionel packets and on embedded devices I run
openwrt stable along with shorewall-lite!
So in an nutshell I will not install a distribution on which
shorewall/shorewall-lite can not be used!!!:)
-Matt
On
On Mon, May 26, 2014 at 01:54:24PM +0200, Paolo wrote:
>
> Hi list
>
> I usually install shorewall to stand-alone servers or into servers
> that act non only, but also as gateway for other boxes.
> If I install a dedicated box as firewall, usually I consider dedicated
> distro like IpCop,
> sometimes I ask to myself and now to the list: If you are planning to
> install a box wich primary activity is firewalling (usual
> NET/LAN/DMZ/WLAN config), wich distro do you consider/prefer?
Disclaimer: I'm one of the developers of NethServer.
I use NethServer, which is a distro based on Cen
Hi list
I usually install shorewall to stand-alone servers or into servers
that act non only, but also as gateway for other boxes.
If I install a dedicated box as firewall, usually I consider dedicated
distro like IpCop, PFSense, ZeroShell, ... because they give me a distro
already har
On 2/26/11 2:30 PM, Lademann, Klaus wrote:
> Am 26.02.2011 23:05, schrieb Tom Eastep:
>
>> What are the IP addresses of the two Guest systems?
>>
>> -Tom
>
>
> VirtalBox: 192.168.56.1
> VMwareWS: 192.168.54.1 / 192.168.192.1
>
> Connect over NAT
> include ifconfig -a
Sorry -- I don't understan
Am 26.02.2011 23:05, schrieb Tom Eastep:
> What are the IP addresses of the two Guest systems?
>
> -Tom
VirtalBox: 192.168.56.1
VMwareWS: 192.168.54.1 / 192.168.192.1
Connect over NAT
include ifconfig -a
vboxnet0 Link encap:Ethernet Hardware Adresse 0a:00:27:00:00:00
inet6-Adress
On 2/26/11 9:37 AM, Lademann, Klaus wrote:
> Dear Tom,
>
> Guest: VirtualBox (windows 7 IE)
> Guest: VMwareWS (windows xp IE)
>
> i want shorewall to control the traffic against the Guest to Host.
> Windows is ***.
>
> include: shorewall_dump - sorry was to big for normal
> < VirtualBox and VMwa
Dear Tom,
Guest: VirtualBox (windows 7 IE)
Guest: VMwareWS (windows xp IE)
i want shorewall to control the traffic against the Guest to Host.
Windows is ***.
include: shorewall_dump - sorry was to big for normal
< VirtualBox and VMwareWS is running >
klaus
shorewall_dump.bz2
Description: appl
On 2/23/11 12:30 PM, Lademann, Klaus wrote:
> I have a question about the traffic from a my Host (Linux) to Guestsytem
> (Windows 7) over NAT in VirtualBox/VMwareWS. I want only HTTP/FTP
> traffic to concede.
>
> Can i take the NAT File for this ?
>
> VirtualBox: 192.168.56.1
> VMwareWS : 192.1
Dear Users,
I have a question about the traffic from a my Host (Linux) to Guestsytem
(Windows 7) over NAT in VirtualBox/VMwareWS. I want only HTTP/FTP
traffic to concede.
Can i take the NAT File for this ?
VirtualBox: 192.168.56.1
VMwareWS : 192.168.95.1
Sorry, i know its a beginnerthink. But
mess-mate wrote:
But have take's a few seconds to get access, is not instanenous as usely
Sounds like you may still have a DNS problem.
and i don't know what this warning on the router does here:
Apr 17 13:49:45 router kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
SRC=86.122.119.233 DST
mess-mate wrote:
> Tom Eastep wrote:
>
>
>> mess-mate wrote:
>>
>>
>>> Here is:
>>> - a shorewall dump from the router: status-router.txt
>>> - a diagram : diagram-lan.txt
>>> The answer for your last question (So, if you "shorewall clear" on the
>>> Vserver host, does everything start wor
Tom Eastep wrote:
> mess-mate wrote:
>
>> Here is:
>> - a shorewall dump from the router: status-router.txt
>> - a diagram : diagram-lan.txt
>> The answer for your last question (So, if you "shorewall clear" on the
>> Vserver host, does everything start working perfectly? ) is no. This is
>> why i
mess-mate wrote:
> snip..
>
> I've found this about vserver host/guest iptables.
> http://www.unixshell.com/wiki/index.php/Creating_and_using_vserver_virtual_servers
>
> mess-mate
Hi,
You seem to have chosen "Networking Option B" (DNAT) in the guide you mention
above. My guess is that you did
mess-mate wrote:
Here is:
- a shorewall dump from the router: status-router.txt
- a diagram : diagram-lan.txt
The answer for your last question (So, if you "shorewall clear" on the
Vserver host, does everything start working perfectly? ) is no. This is
why i add a shorewall dump of the router ma
snip..
I've found this about vserver host/guest iptables.
http://www.unixshell.com/wiki/index.php/Creating_and_using_vserver_virtual_servers
mess-mate
-
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
Do
Tom Eastep wrote:
>
>
> Please post your diagram again -- this time, use a text editor to draw
> it and attach it as a text attachment. We couldn't make any sense out
> of your last diagram because it was turned into nonsense by your mailer.
>
> mess-mate wrote:
>
>>>
>> Hi,
>> attached the sta
Tom Eastep wrote:
If you have two Shorewall configurations, please collect a dump from
both and describe exactly what doesn't work.
I can see from the dump that ping from 192.168.20.254 is being rejected.
That is because you are not accepting ping from that IP address; for
some reason, you
Please post your diagram again -- this time, use a text editor to draw
it and attach it as a text attachment. We couldn't make any sense out of
your last diagram because it was turned into nonsense by your mailer.
mess-mate wrote:
Hi,
attached the statux.txt.
a) it is
b)the machine is l
Tom Eastep wrote:
> mess-mate wrote:
>> Tom Eastep wrote:
>>
>>> mess-mate wrote:
Hi,
can anybody help me translate this iptable to a shorewall rule :
iptables -t NAT -A POSTROUTING -s GUEST_IP -j SNAT --to-source HOST_IP
Host ip = xx.xx.xx.xx, guest ip subnet
mess-mate wrote:
Tom Eastep wrote:
mess-mate wrote:
Hi,
can anybody help me translate this iptable to a shorewall rule :
iptables -t NAT -A POSTROUTING -s GUEST_IP -j SNAT --to-source HOST_IP
Host ip = xx.xx.xx.xx, guest ip subnet is yy.yy.yy.yy/255.255.255.0
*
What problem are you tryin
Tom Eastep wrote:
> mess-mate wrote:
>> Hi,
>>
>> can anybody help me translate this iptable to a shorewall rule :
>>
>> iptables -t NAT -A POSTROUTING -s GUEST_IP -j SNAT --to-source HOST_IP
>>
>> Host ip = xx.xx.xx.xx, guest ip subnet is yy.yy.yy.yy/255.255.255.0
>> *
>
> What problem are you
mess-mate wrote:
Hi,
can anybody help me translate this iptable to a shorewall rule :
iptables -t NAT -A POSTROUTING -s GUEST_IP -j SNAT --to-source HOST_IP
Host ip = xx.xx.xx.xx, guest ip subnet is yy.yy.yy.yy/255.255.255.0
*
What problem are you trying to solve? I would be surprised if y
Hi,
can anybody help me translate this iptable to a shorewall rule :
iptables -t NAT -A POSTROUTING -s GUEST_IP -j SNAT --to-source HOST_IP
Host ip = xx.xx.xx.xx, guest ip subnet is yy.yy.yy.yy/255.255.255.0
*
*Thanks in advance.
*
*
--
mess-mate
Alberto Sierra wrote:
> Hi guys im reading
> http://www.shorewall.net/ScalabilityAndPerformance.html#id2456106
> about host groups, but when i add it to my params file
> and create the custom action it does not add the rules
> that i created in the action.
>
> questions:
>
> on the params file
>
Hi guys im reading
http://www.shorewall.net/ScalabilityAndPerformance.html#id2456106
about host groups, but when i add it to my params file
and create the custom action it does not add the rules
that i created in the action.
questions:
on the params file
HOSTS=192.168.0.1,192.168.0.2
enclosing IP
29 matches
Mail list logo