Care to share what the issue ended up being and how you resolved the
issue? You may help someone else who is having the issue too.
Mike K.
-Original Message-
From: wharfratjoe [mailto:wharfrat...@gmail.com]
Sent: Tuesday, September 29, 2009 8:31 PM
To: efw-user@lists.sourceforge.net
Sub
Are you talking about allowing outside users to RDP into your network if
their MAC address matches a list? If so, that is not possible. The
reason for this is that the Source MAC Address is only consistent to the
first router. After that, the Source MAC Address is rewritten each time
a new frame
I had this issue too and was never able to resolve it. My VoIP service
(Packet8) worked w/out issue behind v2.1; however, I was not able to get
it to work behind any candidate of 2.2.
Mike Knisely
-Original Message-
From: Steven Sher [mailto:stev...@techtron.co.za]
Sent: Thursday
d you should be good to go.
Mike Knisely
PS to anyone waiting: VMWare ESXi & Endian howto is still on my "to-do"
list... my ESXi lab box is at a client's site right now.
-Original Message-
From: NightLord [mailto:steph...@parenton.com <mailto:steph...@parenton.co
bject: Re: [Efw-user] Endian Community Firewall 2.2 RC3 InstallationCrashed
Mike, sounds great. I'll look forward to the demo.
2009/2/20 Mike Knisely
You'll need to make certain that the hardware you have is supported by
the ESX hypervisor. You need some pretty contempo
ruary 20, 2009 8:28 AM
To: efw-user@lists.sourceforge.net
Subject: Re: [Efw-user] Endian Community Firewall 2.2 RC3
InstallationCrashed
Mike, are you referring to the VMWare ESXi3? I would love to see your
demo/howto to set it up. Just got myself an old machine that I can use.
Regards,
A. Syadiqin
2009/2/
the box with
the MySQL server.
2009/2/19 Mike Knisely
I'd go the VMWare ESX3i way if I were in your shoes. It's an
amazing platform that will allow you to use more of the obscene power of that
box. Running Endian on it is a little like usi
I've got an older Compaq DL360 (PIII, pre-HP Buyout) that I was
completely unable to load 2.2r3.
Here's the pertinent RAID controller info for this device:
03:06.0 RAID bus controller: Compaq Computer Corporation Smart Array
5300 Controller (rev 02)
I then tried it on a HP ML350 G4 w/ an Ad
I'd go the VMWare ESX3i way if I were in your shoes. It's an amazing
platform that will allow you to use more of the obscene power of that
box. Running Endian on it is a little like using an F-350 Super Duty as
a commuter car.
Mike
From: Allie Syadiqin [
I've not tried... what benefits do you expect to see from installing the tools?
Mike K.
From: Child of Wonder [mailto:m...@sassefamily.com]
Sent: Tue 1/27/2009 16:11
To: efw-user@lists.sourceforge.net
Subject: [Efw-user] VMware Tools
Has anyone had any succe
Oh... forgot to add the --force as there is a dependency error on
libclamav.so.3 as noted in a previous thread.
I built out a lab Endian box and am testing it now, I'll report back.
Mike Knisely
From: Mike Knisely [mailto:mknis...@mtbt.com]
Sent: Mon
-Mail-SpamAssassin-extras-3.1.9-1.endian4.i386.rpm
\
http://www.stellarcore.net/downloads/efw2-updates/tzdata-2007c-1.el4.noarch.rpm
\
Admittedly though, mostly I'm just blindly grabbing the most recent version
listed and running with it.
T
008 at 11:38 AM, Mike Knisely
wrote:
Internal to Internal... eh?
Here's how I interpret your example then:
You want all connections from the Green network that hit your firewall
with any destination target at port TCP/4545 to be redirected to an
internal machine.
Is that correct?
on, Dec 15, 2008 at 9:12 PM, Mike Knisely wrote:
Depends on your version... I'll assume you're running 2.2RC3:
1: Log into the Web Interface
2: Go to Firewall
3: You'll be on the Port Forwarding /NAT by default
4: Add a new port forwarding rule
5: Know whether you'
Depends on your version... I'll assume you're running 2.2RC3:
1: Log into the Web Interface
2: Go to Firewall
3: You'll be on the Port Forwarding /NAT by default
4: Add a new port forwarding rule
5: Know whether you've got a TCP or UDP port being forwarded, and choose the
proper protocol.
6
's now works like a
charm, CPU, memory, and disk usage are back where they were when I first
installed the system.
I would have to agree though, it would be fun to play with it and see how it
works, though I would rather not on my firewall :)
Thanks for your help with this!
Mike Knisely wrote:
gh I would rather not on my firewall :)
Thanks for your help with this!
Mike Knisely wrote:
>
> In the spirit of finding an answer... I went to one of the oldest
> crustiest Linux guys I know. Here's this thought:
>
> Here's what I'd try:
>
> find $DIRS -
mber 03, 2008 2:50 PM
To: efw-user@lists.sourceforge.net
Subject: Re: [Efw-user] rrdfix.sh VERY high CPU and memory usage EFW
2.2RC3
LOL, well it would have worked great except for this:
-bash: /bin/tar: Argument list too long
Any way around this??
compdoc, ntop is the owner on all files and folde
How's this look?
We'll create a backup to our current directory so if things blow up we
can put them back:
tar zcvf rrd_files.tar.gz `find $DIRS -name "*.rrd"`
Once we've got that we'll remove them:
find $DIRS -name "*.rrd" | xargs rm
Michael J. Knisely
-Original Message-
From: danodeman
Hmmm Interesting. Can you expand their Green address space to a larger
range? For example, if they were 192.168.23.0/24, you could make them
192.168.22.0/23. That would include the 192.168.22.0/24 and 192.168.23.0/24
networks.
Michael J. Knisely
From:
t all
works, it's been some time since I set the DNS up. Thanks for your help
Mike!
Mike Knisely wrote:
>
> I'm in the same boat. My internal www server (running geeklog with a
> gallery plugin) was acting the same way. That's why I liked the
> internal DNS solution. Yo
displayed.
Thanks for the response though, I appreciate it. I'm going to do a bit more
testing and digging in; maybe in the meantime somebody will be able to offer
up a different solution. Thanks! :)
Mike Knisely wrote:
>
> The way I have dealt w/ this is to use an internal DNS serve
Was not able to build out the lab this weekend... Sorry. Any luck with this?
Michael J. Knisely
From: Mike Knisely [mailto:[EMAIL PROTECTED]
Sent: Thu 11/13/2008 19:19
To: efw-user@lists.sourceforge.net
Subject: RE: [Efw-user] connecting to a PPPoE adsl modem
The way I have dealt w/ this is to use an internal DNS server to redirect my
requests so they are not going out to come back in.
If your Endian box is your DNS server, it is quite easy to do. Just go to the
Network tab and add a hosts entry for your machine. This way, when you try to
get to
-user] connecting to a PPPoE adsl modem.
Ok, using the uplink editor, in the network section, I was able to
cleanly remove the 10.0.0.1 address associated to ppp0.
Now how can I give this ip to the eth1 ?
Mike Knisely used his keyboard to write :
> Could be done at the command line; though,
ux command line ?
Mike Knisely expressed precisely :
> You've got the 10.0.0.0/24 on your PPP interface. This will try to drop
> these packets out the other end of your PPPoE connection. You need to link
> this IP to the NIC that i
.255.0 U 0 0 0 eth1
0.0.0.0 193.253.160.3 0.0.0.0 UG 0 0 0 ppp0
I cannot connect to the admin web site of my ADSL modem
http://10.0.0.138, from my computer 172.16.0.100.
What should I do to make that work?
Mike Knisely has
You'll want the secondary IP address network on the WAN side of your Endian to
be different than the IP range on your Green network. You're confusing the
route process with both being in the same network.
Mike K.
From: Chris [mailto:[EMAIL PROTECTED]
Sent: Mo
I realize this is not the answer you're looking for, but this is how I've
solved this issue. I set an alias on my Endian to resolve the FQDN to the IP
of the server in the DMZ.
Mike K.
From: Chris [mailto:[EMAIL PROTECTED]
Sent: Fri 10/31/2008 11:39
To: efw-u
For a connection to a PIX you'll use the IPSec VPN, not OpenVPN.
Mike K.
From: Aldo Alexander Leyva Alvarado [mailto:[EMAIL PROTECTED]
Sent: Mon 10/27/2008 19:27
To: efw-user@lists.sourceforge.net
Subject: [Efw-user] VPN Site TO Site
Hello
How can make VPN S
Make sure that your setup allows for split tunneling.
Mike K.
From: Roberto Azzaroni [mailto:[EMAIL PROTECTED]
Sent: Mon 10/27/2008 15:49
To: efw-user@lists.sourceforge.net
Subject: [Efw-user] IPSec VPN & Transparent Proxy on EFW-2.2rc2
Hi everyone,
today i've
Here is how I've done this setup.
First, I agree that this should be a routed setup. Given that your current LAN
is a /16, the broadcast traffic alone would likely saturate your Internet
pipes, so bridged mode is out.
In the routed scenario, you're going to have to choose a different network
Sure can!
Replace the stuff in brackets and run:
iptables -D PORTFWACCESS -p {tcp/udp/all} --dport {port:port} -j ACCEPT
That should take away the port forward. You'll still have it in the
input firewall rules.
Now, it would be great if someone who understands the firewall rules
would post, a
o once it's up and running. I also
plan on testing 2.2RC3 at my house... but free time at home is something I can
only dream of right now.
Mike Knisely
-Original Message-
From: Marco Aurelio [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 21, 2008 10:02 AM
To: efw-user@lists.sour
t appears to be an Allied Telesis
AT-9924T switch.
Mike K.
From: ozgurerdogan [mailto:[EMAIL PROTECTED]
Sent: Sat 10/18/2008 08:38
To: efw-user@lists.sourceforge.net
Subject: Re: [Efw-user] Entering correct subnet mask stops connection?
Mike Knisely wrote:
>
'm an IT teacher myself and sometimes it's really hard to explain this to
students... I think I'll use your mail...
cheers
Pedro
On Friday 17 October 2008 18:08:21 Mike Knisely wrote:
> First, I'm happy to hear you're going through the Cisco Academy. I am a
> graduat
: efw-user@lists.sourceforge.net
Subject: Re: [Efw-user] Entering correct subnet mask stops connection?
That's exactly what I meant Mike Knisely. I am a CCNA student and I know all
what you explained. So I have 16-31 and my netmask would be 255.255.255.240
and 16 is my gateway (network ID) and 31 is
The network number is derived by doing a binary AND between an IP
address and the subnet mask. The network number ends up being all zeros
in the host portion of the address because a mask is all 0's to the
right of the break between hosts and networks.
Now, let's look at your address and ma
I've got several Pix firewalls, but I'm not about to assist him in breaking a
production firewall. If you don't know what you're doing on a Pix, you can
kill it.
Setting up the VPN consists of editing the NAT entries and playing with the
firewall rules. These are two things that, if you don'
Might want to try adding a host record on the Endian under Network ->
Edit Hosts. This way, when Endian proxys the DNS query it will respond
with the internal IP for the domain name.
Mike K.
-Original Message-
From: Janis Markevics [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 07, 20
Do you know anything about the Pix command line? If not, there is no way I'm
going to try to assist you over a forum to set this up. Also, different
versions of the PIX OS have different commands. Do you know the version you're
running? Cisco has some very good how-tos to help you acquire th
I'm confused by what you are asking... are you saying that traffic destined to
port 80/443 needs a policy based route to set their next hop to the LAN on your
Endian box? Also, you need a sanity check on this policy so that it knows if
the connection is coming from some other squid server you're
er using its
address with the :1 port number added.
I don't think DHCP runs at install.
-Original Message-
From: Mike Knisely [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 01, 2008 1:54 PM
To: efw-user@lists.sourceforge.net
Subject: Re: [Efw-user] how do you set up?
Unfortun
Unfortunately, there is no way to tell which Endian chose to bridge to that
interface until you're in the web configuration. I'd definitely suggest trying
the other NIC just to test.
Once you are in the portal, you'll be able to choose which interface will be
the LAN.
Mike K.
_
What version are you using?
With all the versions I've used, you can see bandwidth graphs on the Status ->
Traffic Graphs page. This gives you the instantaneous bandwidth you are using
and graphs a history of bandwidth use. This does not give you an accumulated
data usage total.
I'm not su
In 2.2rcX go to Network -> Routing.
Mike K.
From: [EMAIL PROTECTED] on behalf of Steven Sher
Sent: Wed 9/17/2008 05:12
To: efw-user@lists.sourceforge.net
Subject: [Efw-user] routing with community edition
Am I correct in saying that the community version of E
totally figured out.
Mark
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mike
Knisely
Sent: 11 September 2008 15:14
To: efw-user@lists.sourceforge.net
Subject: RE: [Efw-user] IPHONE VPN, possible?
Honestly, your question is somewhat vagu
Honestly, your question is somewhat vague, can you give more information about
your desired setup.
Here is some basic info on how I've used Endian with IP phones and how I know
it can be used in conjunction with IP phones.
Endians can terminate IPSec and OpenVPN connections.
I've connecte
I solved this issue by following claurita's post on the bugtrack post
(http://bugs.endian.it/view.php?id=943). It does upgrade to .93.1.
Attached is the script that pulls the RPMs and the updated conf.tmpl files.
Mike K.
From: [EMAIL PROTECTED] on behal
I've always put iftop and htop on my Endians, they're both great apps.
Mike K.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gregory
Machin
Sent: Wednesday, July 16, 2008 8:14 AM
To: efw-user@lists.sourceforge.net
Subject: [Efw-user] efw-toolbox
Hi I
's just an inconvenience, but it would be nice to be able
to enable...
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Mike Knisely
Sent: Monday, July 14, 2008 10:02 PM
To: efw-user@lists.sourceforge.net
Subject: Re: [Efw-user] efw 2.1
If you enable SSH,
If you enable SSH, you should be able to use SCP w/out issue. I'm no
longer running any 2.1; however, I'm fairly certain I've used SCP with
that version in the past.
Mike K.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of compdoc
Sent: Monday, July 07, 2
rked fine, don't know why
probably because tcp 443 port was not blocked???
My question is, is there a way to use skype with some defined tcp-udp
port, and not using 80-443???
thanks in advance for your help.
luca
On Thu, Jul 3, 2008 at 3:00 AM, Mike Knisely <[EMAIL PROTECTED]> wrote:
>
What version of Endian are you running?
To me, it looks like the ML is suggesting having your Skype devices connect
across web ports. Your system specifically blocks those ports, requiring
users to pass authentication to the proxy. I'm thinking that won't work for you.
Are your users using Sk
eeding to run a SIP
device behind Endian. Can anyone else chime in on this with some experience or
a perspective?
M Knisely
-Original Message-
From: [EMAIL PROTECTED] on behalf of Mike Knisely
Sent: Wed 7/2/2008 08:32
To: efw-user@lists.sourceforge.net
Subject: [Efw-user] Endian 2.2rc1
I am using a VoIP service that does not support BYOD. I have been using this
service for a while with Endian 1.8 w/out issue; however, once I moved to
2.2rc1 I am unable to get audio into my SIP device. Audio out works fine.
I've attempted port forwarding the ports used for the RTP stream, SI
I have the same experience. I had several odd issues with 2.1.2 and found that
the consensus for my issues was to wait for 2.2. I'm testing 2.2rc21 now.
Nothing firm to report yet.
Mike
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gustavo Villaran
57 matches