Christopher Chan wrote:
Now I have to hop over to the Asterisk list to figure why with one
firewall the INVITE properly redirects the RTP to the RTP server, and
with the other firewall this is not in the INVITE so the RTP flow
does not. ARGH!
I hope you are not trying to get a
Toby Bluhm wrote:
Robert Moskowitz wrote:
qsm wrote:
maybe shorewall can do your live so easy.
It does not support the rtl8150 chipset. That is what I have in
the way of USB ethernet dongles.
Which is another reason to go with a Centos based solution when you
need to put somethin
Robert Moskowitz wrote:
qsm wrote:
maybe shorewall can do your live so easy.
It does not support the rtl8150 chipset. That is what I have in
the way of USB ethernet dongles.
Which is another reason to go with a Centos based solution when you
need to put something up as you go.
Whi
Over at the IEEE 802, we are voting ballots on wording that can be
interpreted one way with the Webster dictionary and another with the
Oxford dictionary.
So I am right about iptables controlling routing and you are right about
iptables NOT controlling routing, only influencing it. What does
Christopher Chan wrote:
ip src/dest is used for routing decisions by the kernel. The IP state
machine (check the RFC or any decent TCP/IP textbook) is really quite
simple. But iptables sticks its nose into the center of that state
machine and can mangle addresses to change how packets flow th
Marko A. Jennings wrote:
On Thu, January 3, 2008 8:18 am, Robert Moskowitz wrote:
Steven Haigh wrote:
On 03/01/2008, at 3:34 PM, Robert Moskowitz wrote:
Christopher Chan wrote:
I spent much of the past 24 hours trying to find out how to set up
iptables for firewall rou
Message ---*
From: Robert Moskowitz <[EMAIL PROTECTED]>
To: CentOS mailing list
Sent: Thu, 3 Jan 2008 08:03:09 -0500
Subject: Re: [CentOS] Firewall frustration
> Christopher Chan wrote:
> >
> >> I tried it. I had everything open. Then I blocked everything. Then I
>
ip src/dest is used for routing decisions by the kernel. The IP state
machine (check the RFC or any decent TCP/IP textbook) is really quite
simple. But iptables sticks its nose into the center of that state
machine and can mangle addresses to change how packets flow through the
machine, or ju
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Marko A. Jennings
> Sent: Thursday, January 03, 2008 7:29 AM
> To: centos@centos.org
> Subject: Re: [CentOS] Firewall frustration
>
> On Thu, January 3, 2008 8:18 am
On Thu, January 3, 2008 8:18 am, Robert Moskowitz wrote:
> Steven Haigh wrote:
>> On 03/01/2008, at 3:34 PM, Robert Moskowitz wrote:
>>> Christopher Chan wrote:
> I spent much of the past 24 hours trying to find out how to set up
> iptables for firewall routing WITHOUT NATing. Could no
maybe shorewall can do your live so easy.
--
-- Original Message
---
From: Robert Moskowitz <[EMAIL PROTECTED]>
To: CentOS mailing list
Sent: Thu, 3 Jan 2008 08:03:09 -0500
Subject: Re: [CentOS] Firewall frustration
> Christopher C
Steven Haigh wrote:
On 03/01/2008, at 3:34 PM, Robert Moskowitz wrote:
Christopher Chan wrote:
I spent much of the past 24 hours trying to find out how to set up
iptables for firewall routing WITHOUT NATing. Could not find anything.
Eh? You just need to enable ip forwarding to enable rout
Christopher Chan wrote:
I tried it. I had everything open. Then I blocked everything. Then I
set up a rule to allow SSH in to eth0 and out eth1 (and the other
way). At least I thought that was what the rules said, but no SSH
connectivity through the firewall. That was when I realized that I
On 03/01/2008, at 3:34 PM, Robert Moskowitz wrote:
Christopher Chan wrote:
I spent much of the past 24 hours trying to find out how to set up
iptables for firewall routing WITHOUT NATing. Could not find
anything.
Eh? You just need to enable ip forwarding to enable routing. After
that,
On Thursday 03 January 2008 12:37:56 Christopher Chan wrote:
> Too bad you missed the documentation on netfilter then. It would have
> told you that the INPUT chain controls what comes to the box, the OUTPUT
> chain what originates from the box and the FORWARD chain what goes
> through the box.
>
>
I tried it. I had everything open. Then I blocked everything. Then I set
up a rule to allow SSH in to eth0 and out eth1 (and the other way). At
least I thought that was what the rules said, but no SSH connectivity
through the firewall. That was when I realized that I had not found the
necessa
Christopher Chan wrote:
I spent much of the past 24 hours trying to find out how to set up
iptables for firewall routing WITHOUT NATing. Could not find anything.
Eh? You just need to enable ip forwarding to enable routing. After
that, it is put up the firewall rules as is necessary, build
I spent much of the past 24 hours trying to find out how to set up
iptables for firewall routing WITHOUT NATing. Could not find anything.
Eh? You just need to enable ip forwarding to enable routing. After that,
it is put up the firewall rules as is necessary, build the appropriate
routing
Thanks I will read this through a bit later. Perhaps I was making more
of it than needed, but my attempts were not working. And all I was
trying for at first was to allow SSH through.
Steven Haigh wrote:
On 02/01/2008, at 4:11 AM, Robert Moskowitz wrote:
I spent much of the past 24 hours tryi
Steven Haigh wrote in his message (sent Tuesday, 1 January 2008 20:23):
> On 02/01/2008, at 4:11 AM, Robert Moskowitz wrote:
> > I spent much of the past 24 hours trying to find out how to set up
> > iptables for firewall routing WITHOUT NATing. Could not find anything.
> There you go
On 02/01/2008, at 4:11 AM, Robert Moskowitz wrote:
I spent much of the past 24 hours trying to find out how to set up
iptables for firewall routing WITHOUT NATing. Could not find anything.
*boggle* Is it really that hard?
## Clear up whatever is in there at the moment.
iptables -F INPUT
ipt
Firewall is up and running.
Used Shorewall with Webmin.
Les Bell wrote:
Robert Spangler <[EMAIL PROTECTED]> wrote:
While IPTABLES might be CHEAP (price) it is a very good firewall.
Learn to set it up from the command line, it isn't that hard.
<<
Amen. I've been using CentOS for firewalls
Mark Weaver wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, 1 Jan 2008 08:57:22 -0500
Robert Moskowitz <[EMAIL PROTECTED]> wrote:
Have you ever thought about how rare floppy drives are now? At best
you go with a bootable usb, if your notebook supports bootable USB.
My Libretto
Scott Ehrlich wrote:
On Tue, 1 Jan 2008, Robert Moskowitz wrote:
Mark Weaver wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Mon, 31 Dec 2007 12:21:34 -0500
Robert Moskowitz <[EMAIL PROTECTED]> wrote:
William L. Maltby wrote:
On Mon, 2007-12-31 at 09:33 -0500, Robert Moskowitz
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, 1 Jan 2008 08:57:22 -0500
Robert Moskowitz <[EMAIL PROTECTED]> wrote:
> Have you ever thought about how rare floppy drives are now? At best
> you go with a bootable usb, if your notebook supports bootable USB.
> My Libretto does have a bootabl
On Tue, 1 Jan 2008, Robert Moskowitz wrote:
Mark Weaver wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Mon, 31 Dec 2007 12:21:34 -0500
Robert Moskowitz <[EMAIL PROTECTED]> wrote:
William L. Maltby wrote:
On Mon, 2007-12-31 at 09:33 -0500, Robert Moskowitz wrote:
Peter Farrell
Mark Weaver wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Mon, 31 Dec 2007 12:21:34 -0500
Robert Moskowitz <[EMAIL PROTECTED]> wrote:
William L. Maltby wrote:
On Mon, 2007-12-31 at 09:33 -0500, Robert Moskowitz wrote:
Peter Farrell wrote:
"Problem
mber 31, 2007 8:09 PM
> To: centos@centos.org
> Subject: Re: [CentOS] Firewall frustration
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On Mon, 31 Dec 2007 12:21:34 -0500
> Robert Moskowitz <[EMAIL PROTECTED]> wrote:
>
> > William L. Malt
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Mark Weaver
Sent: Monday, December 31, 2007 8:09 PM
To: centos@centos.org
Subject: Re: [CentOS] Firewall frustration
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Mon, 31 Dec 2007 12:21:34 -0500
Robert
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Mon, 31 Dec 2007 12:21:34 -0500
Robert Moskowitz <[EMAIL PROTECTED]> wrote:
> William L. Maltby wrote:
> > On Mon, 2007-12-31 at 09:33 -0500, Robert Moskowitz wrote:
> >
> >> Peter Farrell wrote:
> >>
> >>> "Problem is I want a REAL router/
Robert Spangler <[EMAIL PROTECTED]> wrote:
>>
While IPTABLES might be CHEAP (price) it is a very good firewall.
Learn to set it up from the command line, it isn't that hard.
<<
Amen. I've been using CentOS for firewalls here for a long time now, with
hand-written rules. Besides, generic firewall
Matt Shields wrote:
On Dec 31, 2007 7:58 AM, Robert Moskowitz <[EMAIL PROTECTED]> wrote:
Matt Shields wrote:
On Dec 31, 2007 12:13 AM, Robert Moskowitz <[EMAIL PROTECTED]> wrote:
Well FWbuilder is NOT easy. The documentation does not match the
current GUI. Now the box is lock
On Dec 31, 2007 7:58 AM, Robert Moskowitz <[EMAIL PROTECTED]> wrote:
>
> Matt Shields wrote:
> > On Dec 31, 2007 12:13 AM, Robert Moskowitz <[EMAIL PROTECTED]> wrote:
> >
> >> Well FWbuilder is NOT easy. The documentation does not match the
> >> current GUI. Now the box is locked up. I will have
Robert Spangler wrote:
On Mon December 31 2007 07:58, Robert Moskowitz wrote:
Full disclosure time. My day job is with ICSAlabs. My area is security
protocols research (like setting up the initial IPsec certification
criteria), but when I visit the labs there are all those firewall
produc
Dennis McLeod wrote:
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Robert Moskowitz
Sent: Sunday, December 30, 2007 9:13 PM
To: CentOS mailing list
Subject: [CentOS] Firewall frustration
Well FWbuilder is NOT easy. The documentation does not match
William L. Maltby wrote:
On Mon, 2007-12-31 at 09:33 -0500, Robert Moskowitz wrote:
Peter Farrell wrote:
"Problem is I want a REAL router/firewall with little work."
Run a smoothwall installation and replace your CentOS install.
http://www.smoothwall.org/
well first challenge
Robert Spangler wrote:
While IPTABLES might be CHEAP (price) it is a very good firewall.
Learn to set it up from the command line, it isn't that hard.
Try the following to learn it;
http://iptables.rlworkman.net/chunkyhtml/index.html
Forget those GUI interfaces.
one thing that bugs me ab
On Mon December 31 2007 07:58, Robert Moskowitz wrote:
> Full disclosure time. My day job is with ICSAlabs. My area is security
> protocols research (like setting up the initial IPsec certification
> criteria), but when I visit the labs there are all those firewall
> products up and running
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Robert Moskowitz
> Sent: Sunday, December 30, 2007 9:13 PM
> To: CentOS mailing list
> Subject: [CentOS] Firewall frustration
>
> Well FWbuilder is NOT easy. The documentation does not match
> the cu
On Mon, 2007-12-31 at 09:33 -0500, Robert Moskowitz wrote:
> Peter Farrell wrote:
> > "Problem is I want a REAL router/firewall with little work."
> >
> > Run a smoothwall installation and replace your CentOS install.
> >
> > http://www.smoothwall.org/
> >
> well first challenge is my unit's USB
Robert Moskowitz wrote:
Peter Farrell wrote:
"Problem is I want a REAL router/firewall with little work."
Run a smoothwall installation and replace your CentOS install.
http://www.smoothwall.org/
well first challenge is my unit's USB ethernet dongles. Centos uses
the RTL 8150 driver for the
Peter Farrell wrote:
"Problem is I want a REAL router/firewall with little work."
Run a smoothwall installation and replace your CentOS install.
http://www.smoothwall.org/
well first challenge is my unit's USB ethernet dongles. Centos uses the
RTL 8150 driver for them. Smoothwall only lists
Matt Shields wrote:
On Dec 31, 2007 12:13 AM, Robert Moskowitz <[EMAIL PROTECTED]> wrote:
Well FWbuilder is NOT easy. The documentation does not match the
current GUI. Now the box is locked up. I will have to pull it again,
hook it up to a kybd/VGA and reset iptables
Maybe Shoreline w
"Problem is I want a REAL router/firewall with little work."
Run a smoothwall installation and replace your CentOS install.
http://www.smoothwall.org/
-Peter
On 31/12/2007, Matt Shields <[EMAIL PROTECTED]> wrote:
> On Dec 31, 2007 12:13 AM, Robert Moskowitz <[EMAIL PROTECTED]> wrote:
> > Well FW
On Dec 31, 2007 12:13 AM, Robert Moskowitz <[EMAIL PROTECTED]> wrote:
> Well FWbuilder is NOT easy. The documentation does not match the
> current GUI. Now the box is locked up. I will have to pull it again,
> hook it up to a kybd/VGA and reset iptables
>
> Maybe Shoreline with webmin
>
On Mon, 31 Dec 2007 00:13:22 -0500
Robert Moskowitz <[EMAIL PROTECTED]> wrote:
> Well FWbuilder is NOT easy. The documentation does not match
Take a look at FireStarter: http://www.fs-security.com/
It's very easy to set and use. It's only a front-end for iptables.
But watch out, it has its limit