Re: [Shorewall-users] Security question around MySQL Replication

2017-09-12 Thread Davide Marchi
---Bill Shirley- On 2017-09-11 19:01 Bill Shirley wrote: Both are good suggestions: block all IP addresses at the firewall except your slave, configure MySQL SSL.  See: https://www.mail-archive.com/shorewall-users@lists.sourceforge.net/msg20502.html Of course,

[Shorewall-users] Security question around MySQL Replication

2017-09-11 Thread Davide Marchi
Hi friends, I've enabled the MySQL Replication feature between two servers (VPS Debian Jessie). For this I've opened the "3306" port. My question: is this a safe operation or should I also do something else to improve the firewall level, always without the risk or compromising

Re: [Shorewall-users] Enabling Postfix MX backup server and port issues

2017-08-25 Thread Davide Marchi
On 2017-08-24 20:48 Tom Eastep wrote: As far as I am aware, neither UDP port 1370 nor TCP port 1328 have anything to do with Postfix. [..] Well, this is already something.. On 2017-08-24 21:47 Tom Eastep wrote: On 08/24/2017 11:48 AM, Tom Eastep wrote: As far as I am aware,

[Shorewall-users] Enabling Postfix MX backup server and port issues

2017-08-24 Thread Davide Marchi
Hi friends, I'm enabling Postfix MX backup server and from that moment I see "mydestination" and "relay_domains" ip DROP(ped) "mydestination" is:91.205.175.213 (SERVER1) "relay_domains" is:5.189.166.16 (SERVER2) As here you can see: SERVER1: Aug 24 18:13:22 server kernel: [17818755.169878]

Re: [Shorewall-users] MySQL Replication with ssl connection and ports configuration

2017-08-24 Thread Davide Marchi
[..] Hi Davide, Diagnosing something like this typically requires the complete output of 'shorewall dump'. However, based on the syslog messages it looks like you simply need to add the 'routeback' option to the eth0 line in /etc/shorewall/interfaces on both hosts. If that does not

[Shorewall-users] MySQL Replication with ssl connection and ports configuration

2017-08-22 Thread Davide Marchi
Hi friends, I've just configured MySQL Replication between two VPS Debian Jessie. I've opened the 3306 port on each server and the ssh port (60319), but this does not seem sufficient. Could you please tell me whether I should open other specific TCP/UDP ports? This is "rules" for "MASTER" server:

Re: [Shorewall-users] ProFtpd Shorewall DROP net-fw TLS connection from client ftp

2017-08-09 Thread Davide Marchi
[..] To handle a protocol like FTP, Netfilter must inspect each packet of the control connection in order to be able to automatically open data connections. When the control connection is encrypted, it can't do that and hence data connections are rejected. To work around this, you will need

[Shorewall-users] ProFtpd Shorewall DROP net-fw TLS connection from client ftp

2017-08-09 Thread Davide Marchi
Hi friends, On Debian Jessie, I've configured ProFtpd to connect by tls (SSLv3 TLSv1 -> Let's Encrypt certificate) on port but with Shorewall up, it DROPs the connection: Aug 8 18:50:10 server kernel: [16438563.572121] Shorewall:net-fw:DROP:IN=eth0 OUT=