Re: [Astlinux-users] Arno firewall logs

2016-08-24 Thread Michael Knill
Thanks once again Lonnie. It's all working. Regards Michael Knill -Original Message- From: Lonnie Abelbeck Reply-To: AstLinux List Date: Wednesday, 24 August 2016 at 11:10 PM To: AstLinux List Subject: Re: [Astlinux-users] Arno firewall logs Michael, Yes, qualifying IGMP ( -p 2 ) for

Re: [Astlinux-users] Arno firewall logs

2016-08-24 Thread Lonnie Abelbeck
lbeck > Reply-To: AstLinux List > Date: Wednesday, 24 August 2016 at 1:40 PM > To: AstLinux List > Subject: Re: [Astlinux-users] Arno firewall logs > > Michael, > > Without testing, this snippet added to your "custom-rules" should drop the > NETBIOS packets

Re: [Astlinux-users] Arno firewall logs

2016-08-23 Thread Michael Knill
fi Regards Michael Knill -Original Message- From: Lonnie Abelbeck Reply-To: AstLinux List Date: Wednesday, 24 August 2016 at 1:40 PM To: AstLinux List Subject: Re: [Astlinux-users] Arno firewall logs Michael, Without testing, this snippet added to your "custom-rules" should drop

Re: [Astlinux-users] Arno firewall logs

2016-08-23 Thread Michael Knill
Cool thanks. I assume that $PPPOE will be eth0 in my case? Regards Michael Knill -Original Message- From: Lonnie Abelbeck Reply-To: AstLinux List Date: Wednesday, 24 August 2016 at 1:40 PM To: AstLinux List Subject: Re: [Astlinux-users] Arno firewall logs Michael, Without testing

Re: [Astlinux-users] Arno firewall logs

2016-08-23 Thread Lonnie Abelbeck
onnie Abelbeck > Reply-To: AstLinux List > Date: Wednesday, 24 August 2016 at 10:33 AM > To: AstLinux List > Subject: Re: [Astlinux-users] Arno firewall logs > > Michael, > > You must have also defined MODEM_IF_IP and/or MODEM_IP, if you only define > MODEM_IF

Re: [Astlinux-users] Arno firewall logs

2016-08-23 Thread Michael Knill
Thanks Lonnie It does work for the IGMP packets. What should I put in for the Netbios packets? Regards Michael Knill -Original Message- From: Lonnie Abelbeck Reply-To: AstLinux List Date: Wednesday, 24 August 2016 at 10:33 AM To: AstLinux List Subject: Re: [Astlinux-users] Arno

Re: [Astlinux-users] Arno firewall logs

2016-08-23 Thread Lonnie Abelbeck
ed INPUT packet though so > it did something. > All log denied entries are unchecked. > > Regards > Michael Knill > > -Original Message- > From: Lonnie Abelbeck > Reply-To: AstLinux List > Date: Tuesday, 23 August 2016 at 11:25 PM > To: AstLinux List

Re: [Astlinux-users] Arno firewall logs

2016-08-23 Thread Michael Knill
: AstLinux List Subject: Re: [Astlinux-users] Arno firewall logs Hi Michael, There is a firewall plugin for that, "dsl-ppp-modem": https://doc.astlinux.org/userdoc:tt_firewall_plugins#dsl-ppp-modem That plugin only adds firewall rules, no routes or IP address. It seems defining MODEM_IF to

Re: [Astlinux-users] Arno firewall logs

2016-08-23 Thread Michael Keuter
On 23.08.2016 at 15:25, Lonnie Abelbeck wrote: > Hi Michael, > > There is a firewall plugin for that, "dsl-ppp-modem": > https://doc.astlinux.org/userdoc:tt_firewall_plugins#dsl-ppp-modem > > That plugin only adds firewall rules, no routes or IP address. It seems > defining MODEM_IF to the

Re: [Astlinux-users] Arno firewall logs

2016-08-23 Thread Lonnie Abelbeck
Hi Michael, There is a firewall plugin for that, "dsl-ppp-modem": https://doc.astlinux.org/userdoc:tt_firewall_plugins#dsl-ppp-modem That plugin only adds firewall rules, no routes or IP address. It seems defining MODEM_IF to the PPPoE external interface is the only required setting. Also chec

Re: [Astlinux-users] Arno firewall logs

2016-08-23 Thread Michael Keuter
On 23.08.2016 at 13:46, Michael Knill wrote: > Hi group > > Unfortunately I'm not that good on the firewall config. > I have an external PPPoE modem on eth0 which I access via an IP Address > configured in rc.elocal. > Unfortunately I have recently installed a VDSL2 modem that's trying to be

Re: [Astlinux-users] Arno firewall problem

2011-03-16 Thread Lonnie Abelbeck
Hi Tom, Thanks for documenting the issues with the sip-voip plugin. I've come to the same conclusion over the years but never documented it. Good advice is to leave the sip-voip plugin disabled. Lonnie On Mar 16, 2011, at 12:43 PM, Tom Mazzotta wrote: > BTW, I have since disabled the "sip-v

Re: [Astlinux-users] Arno firewall problem

2011-03-16 Thread Tom Mazzotta
BTW, I have since disabled the "sip-voip" plugin and re-enabled the inbound rules for sip/rtp on my firewall. I have noticed that on at least two occasions, I would receive a call via my sip provider and I could not hear the calling party (nor could they hear me). That tells me that the dynamic

Re: [Astlinux-users] Arno firewall problem

2011-03-15 Thread Tom Mazzotta
, 2011 10:07 AM To: AstLinux Users Mailing List Subject: Re: [Astlinux-users] Arno firewall problem Hi Tom, I would have disabled the sip-voip plugin, but what you did should also work. The extra ACCEPT's are from forward chains and such, if you try the following: $ iptables-save | grep ACCEPT

Re: [Astlinux-users] Arno firewall problem

2011-03-15 Thread Lonnie Abelbeck
Hi Tom, I would have disabled the sip-voip plugin, but what you did should also work. The extra ACCEPT's are from forward chains and such, if you try the following: $ iptables-save | grep ACCEPT you will get a better idea where the ACCEPT's are occurring. It should all be good. Looking forw

Re: [Astlinux-users] Arno firewall problem

2011-03-15 Thread Tom Mazzotta
igured to allow all packets through, or what does this mean? Thanks! -tm -Original Message- From: Lonnie Abelbeck [mailto:li...@lonnie.abelbeck.com] Sent: Tuesday, March 15, 2011 12:14 AM To: AstLinux Users Mailing List Subject: Re: [Astlinux-users] Arno firewall problem Tom, Disab

Re: [Astlinux-users] Arno firewall problem

2011-03-14 Thread Lonnie Abelbeck
Tom, Disable the SIP-VOIP plugin, that is the problem... -- Using SIP UDP for 0/0 (INET) to port(s): 5060 -- or configure it with SIP_VOIP_REMOTE_HOSTS="66.241.96.96" in the plugin. Lonnie On Mar 14, 2011, at 10:56 PM, Tom Mazzotta wrote: > Lonnie & Gene, > > Below is the output you both requ

Re: [Astlinux-users] Arno firewall problem

2011-03-14 Thread Tom Mazzotta
Lonnie & Gene, Below is the output you both requested. Since having the problem, I have modified the rules to replace the hostnames with static IP addresses and added my internal LAN to the adaptive ban whitelist. Also, although the Soekris box has multiple interfaces, I am only using the exter

Re: [Astlinux-users] Arno firewall problem

2011-03-14 Thread Gene Cooper
Hi Tom, What is the output of: iptables -nL |grep ACCEPT G On 03/14/2011 07:25 PM, Tom Mazzotta wrote: > I am running astlinux-0.7.7 (Asterisk 1.4.40) on a Soekris box behind my > ISP's cable router on my LAN. I am forwarding all SIP & RTP packets from this > router to the external interface

Re: [Astlinux-users] Arno firewall problem

2011-03-14 Thread Lonnie Abelbeck
Tom, While iptables supports hostnames, AstLinux does not at startup since DNS is not plugged in when the firewall is run at startup. The developers have talked about this in the past and voted to leave it as is. Though this could be made to work, there are reasons to stick with numeric addre

Re: [Astlinux-users] Arno

2009-09-09 Thread Dan Ryson
Philip, Darrick, and Lonnie, This is exactly the information I was hoping to receive. Thank you for your thoughtful responses. I'm sure this will help greatly. With kind regards, Dan Lonnie Abelbeck wrote: Dan, I recently replaced a long working m0n0wall firewall/router setup with Ast

Re: [Astlinux-users] Arno

2009-09-09 Thread Lonnie Abelbeck
IAX does not require connection tracking like SIP, since with IAX all the signaling and voice data occur over the same 4569 UDP port stream. Lonnie On Sep 9, 2009, at 11:50 AM, Philip Prindeville wrote: > I'd just suggest that you enable the sip-voip plugin > (/etc/arno-iptables-firewall/plugi

Re: [Astlinux-users] Arno

2009-09-09 Thread Lonnie Abelbeck
Dan, I recently replaced a long working m0n0wall firewall/router setup with AstLinux, allowing SIP to be directly off a public IP address. I have not looked back. I am using a custom build of trunk, too bad 0.7 is not quite available. There have been a lot of improvements with Arno's fire

Re: [Astlinux-users] Arno

2009-09-09 Thread Darrick Hartman
Dan, The gui creates a file called gui.firewall.conf in /mnt/kd/rc.conf.d Basically it takes the variables from the firewall.conf file found in /mnt/kd/arno-iptables-firewall and overrides them. The firewall.conf file should not be edited directly. Doing so makes upgrading more difficult. Anyo

Re: [Astlinux-users] Arno

2009-09-09 Thread Philip Prindeville
Since it deals with the GUI, I'll let Lonnie answer most of this. I'd just suggest that you enable the sip-voip plugin (/etc/arno-iptables-firewall/plugins/sip-voip.conf) and set the value to 5060 for SIP and 4569 for IAX. (Actually, I'm not sure if the sip connection tracker can handle IAX inspe