[Shorewall-users] Shorewall 5.1.12

2018-02-08 Thread Tom Eastep
The Shorewall team is pleased to announce the availability of Shorewall 5.1.12. Problems Corrected: 1) This release contains defect repair from releases through 5.1.11.2. 2) Many typos in comments in the chains module have been corrected. 3) Dead code was removed. 4) A function that is

Re: [Shorewall-users] one to one DNAT to a machine from NET running on a LOC network

2018-02-08 Thread Tom Eastep
On 02/08/2018 10:52 AM, Zenny wrote: > On Thu, Feb 8, 2018 at 5:22 PM, Tom Eastep > wrote: > > On 02/08/2018 02:07 AM, Zenny wrote: > > Hi, > > > > I am trying to figure out to establish one-to-one NAT to a single > >

Re: [Shorewall-users] OpenVPN Shorewall configuration?

2018-02-08 Thread Tom Eastep
On 02/08/2018 11:33 AM, Bernard Drozd wrote: >>10.10.10.1 is in the fw ($FW) zone, not the loc zone and your road->fw policy >>is REJECT. This is abundantly clear just looking at the log: > > Thank you. > So how could I safely 'open' services behind fw (in the fw zone) for > OpenVPN'

Re: [Shorewall-users] OpenVPN Shorewall configuration?

2018-02-08 Thread Bernard Drozd
10.10.10.1 is in the fw ($FW) zone, not the loc zone and your road->fw policy is REJECT. This is abundantly clear just looking at the log: Thank you. So how could I safely 'open' services behind fw (in the fw zone) for OpenVPN' roadwarriors? Will the insertion of this row: road        $FW   

Re: [Shorewall-users] one to one DNAT to a machine from NET running on a LOC network

2018-02-08 Thread Zenny
On Thu, Feb 8, 2018 at 5:22 PM, Tom Eastep wrote: > On 02/08/2018 02:07 AM, Zenny wrote: > > Hi, > > > > I am trying to figure out to establish one-to-one NAT to a single > > development VM instance running in LOC network to cater it as if it is > > in the DMZ network. > >

Re: [Shorewall-users] OpenVPN Shorewall configuration?

2018-02-08 Thread Tom Eastep
On 02/08/2018 10:10 AM, Bernard Drozd wrote: >>Okay -- please collect and forward the output of 'shorewall dump' as >>described at http://www.shorewall/support.htm#Guidelines. > > Please find attached shorewall_dump output caught when I tried to > connect to the local website on my server

Re: [Shorewall-users] OpenVPN Shorewall configuration?

2018-02-08 Thread Bernard Drozd
Okay -- please collect and forward the output of 'shorewall dump' as described at http://www.shorewall/support.htm#Guidelines. Please find attached shorewall_dump output caught when I tried to connect to the local website on my server 10.10.10.1 and 10.10.10.1:5001 from the LTE mobile

Re: [Shorewall-users] Command 'shorewall reload' behavior

2018-02-08 Thread Tom Eastep
On 02/08/2018 08:45 AM, Matt Darfeuille wrote: > On 2/8/2018 5:17 PM, Tom Eastep wrote: >> On 02/08/2018 04:20 AM, Matt Darfeuille wrote: >>> Hi, >>> >>> From: >>> >>> http://shorewall.org/manpages/shorewall.html >>> >>> "Reload is similar to shorewall start except that it assumes that the >>>

Re: [Shorewall-users] OpenVPN Shorewall configuration?

2018-02-08 Thread Tom Eastep
On 02/08/2018 08:55 AM, Bernard Drozd wrote: > tcpdump is in the listening mode but shows nothing when I ping 10.8.0.6 > (from other terminal session) > ela@akacja:~$ sudo tcpdump -ni tun0 icmp > tcpdump: verbose output suppressed, use -v or -vv for full protocol decode > listening on tun0,

Re: [Shorewall-users] OpenVPN Shorewall configuration?

2018-02-08 Thread Bernard Drozd
tcpdump is in the listening mode but shows nothing when I ping 10.8.0.6 (from other terminal session) ela@akacja:~$ sudo tcpdump -ni tun0 icmp tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on tun0, link-type RAW (Raw IP), capture size 262144 bytes I

Re: [Shorewall-users] Command 'shorewall reload' behavior

2018-02-08 Thread Matt Darfeuille
On 2/8/2018 5:17 PM, Tom Eastep wrote: > On 02/08/2018 04:20 AM, Matt Darfeuille wrote: >> Hi, >> >> From: >> >> http://shorewall.org/manpages/shorewall.html >> >> "Reload is similar to shorewall start except that it assumes that the >> firewall is already started. Existing connections are

Re: [Shorewall-users] OpenVPN Shorewall configuration?

2018-02-08 Thread Tom Eastep
On 02/08/2018 04:35 AM, Bernard Drozd wrote: > Hi, >> What address did the Android device get? > 10.8.0.6 > >> While pinging, it would be good to be running: >> tcpdump -ni tun0 icmp >> That way, you can see the ping traffic going out tun0 and coming in >> that interface. > When I try ping

Re: [Shorewall-users] one to one DNAT to a machine from NET running on a LOC network

2018-02-08 Thread Tom Eastep
On 02/08/2018 02:07 AM, Zenny wrote: > Hi, > > I am trying to figure out to establish one-to-one NAT to a single > development VM instance running in LOC network to cater it as if it is > in the DMZ network.  > > Appreciate your inputs. Thanks.  > I don't understand completely what you are

Re: [Shorewall-users] Command 'shorewall reload' behavior

2018-02-08 Thread Tom Eastep
On 02/08/2018 04:20 AM, Matt Darfeuille wrote: > Hi, > > From: > > http://shorewall.org/manpages/shorewall.html > > "Reload is similar to shorewall start except that it assumes that the > firewall is already started. Existing connections are maintained." > > If I do 'shorewall stop' followed

Re: [Shorewall-users] OpenVPN Shorewall configuration?

2018-02-08 Thread Bernard Drozd
Hi, What address did the Android device get? 10.8.0.6 While pinging, it would be good to be running: tcpdump -ni tun0 icmp That way, you can see the ping traffic going out tun0 and coming in that interface. When I try ping Android (10.8.0.6) from LAN unfortunately receive 'Destination Host

[Shorewall-users] Command 'shorewall reload' behavior

2018-02-08 Thread Matt Darfeuille
Hi, From: http://shorewall.org/manpages/shorewall.html "Reload is similar to shorewall start except that it assumes that the firewall is already started. Existing connections are maintained." If I do 'shorewall stop' followed by 'shorewall reload' the firewall will be started: $ shorewall

[Shorewall-users] one to one DNAT to a machine from NET running on a LOC network

2018-02-08 Thread Zenny
Hi, I am trying to figure out to establish one-to-one NAT to a single development VM instance running in LOC network to cater it as if it is in the DMZ network. Appreciate your inputs. Thanks. -- Cheers, /z -.. .. ... -.-. .-.. .- .. -- . .-. | -.. .. ... -.-. .-.. .- .. -- . .-.