Re: [Shorewall-users] shorewall blocks inbound traffic in port 25

2021-06-14 Thread Zenny
On 6/14/21, Benny Pedersen wrote: > On 2021-06-14 09:44, Zenny wrote: > >> Outside is already loopback-only mode. >> >> Did I miss something? > > is there a mx i can check ? :=) yep mx.freeregistrar.net (it was a working instance and suddenly stopped working)

Re: [Shorewall-users] shorewall blocks inbound traffic in port 25

2021-06-14 Thread Zenny
On 6/14/21, Zenny wrote: > On 6/14/21, Benny Pedersen wrote: >> On 2021-06-14 08:04, Zenny wrote: >> >>> root@server2:~# netstat -lnp | grep :25 >>> tcp 0 0 127.0.0.1:25 0.0.0.0:* >>> LISTEN 27946/master >

Re: [Shorewall-users] shorewall blocks inbound traffic in port 25

2021-06-14 Thread Zenny
On 6/14/21, Benny Pedersen wrote: > On 2021-06-14 08:04, Zenny wrote: > >> root@server2:~# netstat -lnp | grep :25 >> tcp 0 0 127.0.0.1:25 0.0.0.0:* >> LISTEN 27946/master >> >> Where did I miss the wagon? > >

Re: [Shorewall-users] shorewall blocks inbound traffic in port 25

2021-06-14 Thread Zenny
On 6/14/21, Zenny wrote: > Thanks Benny for querying. > > On 6/14/21, Benny Pedersen wrote: >> On 2021-06-13 22:19, Zenny wrote: >> >>> I have disabled ipv6 and pve-firewall and ufw completely in the >>> proxmox host and the lxc guest respectively, fyi.

Re: [Shorewall-users] shorewall blocks inbound traffic in port 25

2021-06-13 Thread Zenny
Thanks Benny for querying. On 6/14/21, Benny Pedersen wrote: > On 2021-06-13 22:19, Zenny wrote: > >> I have disabled ipv6 and pve-firewall and ufw completely in the >> proxmox host and the lxc guest respectively, fyi. >> >> Any inputs to overcome this is

[Shorewall-users] shorewall blocks inbound traffic in port 25

2021-06-13 Thread Zenny
Hi, I am running a NATed mailserver in a lxc container in a Proxmox4 host, the latter uses Shorewall 4.6 (my favorite). I have detailed the setup and the inbound smtp traffic blockage in https://forum.proxmox.com/threads/sending-and-receiving-emails-issue.55531/post-396570 with the iptables-save

Re: [Shorewall-users] IPTables to Shorewall

2018-03-23 Thread Zenny
Add a rule like net (public ip) and dmz (destination): DNAT net dmz:y.y.y.y:5060 udp 5061 On Fri, Mar 23, 2018 at 8:18 AM, Zenny <garbytr...@gmail.com> wrote: > Use DNAT. http://shorewall.net/FAQ.htm#DNS-DNAT Hope this helps. > > > > On F

Re: [Shorewall-users] IPTables to Shorewall

2018-03-23 Thread Zenny
Use DNAT. http://shorewall.net/FAQ.htm#DNS-DNAT Hope this helps. On Fri, Mar 23, 2018 at 6:24 AM, Andrea Bodrati wrote: > Greetings, > I'm trying to write the following rules in /etc/shorewall/rules but I > can't find any reference on how to do that : > iptables -t nat -I

Re: [Shorewall-users] preliminary query about wireguard.io (wg0) and shorewall config

2018-02-22 Thread Zenny
On Thu, Feb 22, 2018 at 6:09 PM, Zenny <garbytr...@gmail.com> wrote: > On Wed, Feb 21, 2018 at 8:28 PM, Tom Eastep <teas...@shorewall.net> wrote: > >> Resending this, as the SF mail list problems seemed to have lost the >> original. >> >> On 02/19/2018 1

Re: [Shorewall-users] preliminary query about wireguard.io (wg0) and shorewall config

2018-02-22 Thread Zenny
On Wed, Feb 21, 2018 at 8:28 PM, Tom Eastep <teas...@shorewall.net> wrote: > Resending this, as the SF mail list problems seemed to have lost the > original. > > On 02/19/2018 11:36 PM, Zenny wrote: > > Hi, > > > > I am planning to add wireguard.io

[Shorewall-users] preliminary query about wireguard.io (wg0) and shorewall config

2018-02-19 Thread Zenny
Hi, I am planning to add wireguard.io interface (wg0) to the running three-interface shorewall (I do not use too complex vyatta-firewall with (net,loc and dmz) as explained at https://github.com/Lochnair/vyatta-wireguard and

Re: [Shorewall-users] one to one DNAT to a machine from NET running on a LOC network

2018-02-09 Thread Zenny
On Thu, Feb 8, 2018 at 9:11 PM, Tom Eastep <teas...@shorewall.net> wrote: > On 02/08/2018 10:52 AM, Zenny wrote: > > On Thu, Feb 8, 2018 at 5:22 PM, Tom Eastep <teas...@shorewall.net > > <mailto:teas...@shorewall.net>> wrote: > > > > On 0

Re: [Shorewall-users] one to one DNAT to a machine from NET running on a LOC network

2018-02-08 Thread Zenny
On Thu, Feb 8, 2018 at 5:22 PM, Tom Eastep <teas...@shorewall.net> wrote: > On 02/08/2018 02:07 AM, Zenny wrote: > > Hi, > > > > I am trying to figure out to establish one-to-one NAT to a single > > development VM instance running in LOC network to cater it a

[Shorewall-users] one to one DNAT to a machine from NET running on a LOC network

2018-02-08 Thread Zenny
Hi, I am trying to figure out to establish one-to-one NAT to a single development VM instance running in LOC network to cater it as if it is in the DMZ network. Appreciate your inputs. Thanks. -- Cheers, /z -.. .. ... -.-. .-.. .- .. -- . .-. | -.. .. ... -.-. .-.. .- .. -- . .-.

Re: [Shorewall-users] logging router running shorewall in the DMZ VM in NAT mode running behind

2017-05-28 Thread Zenny
> On 15 May 2017 19:16:06 GMT+02:00, Tom Eastep <teas...@shorewall.net> wrote: >>-BEGIN PGP SIGNED MESSAGE- >>Hash: SHA256 >> >>On 05/15/2017 09:21 AM, Zenny wrote: >>> Thanks Tom for your input. >>> >>> But I have the port

Re: [Shorewall-users] logging router running shorewall in the DMZ VM in NAT mode running behind

2017-05-15 Thread Zenny
dmz ACCEPT Yet it didn't seem to work. On 5/15/17, Tom Eastep <teas...@shorewall.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > On 05/14/2017 10:07 AM, Zenny wrote: >> Hi, >> >> I appended "*.* @@:514" in

[Shorewall-users] logging router running shorewall in the DMZ VM in NAT mode running behind

2017-05-14 Thread Zenny
Hi, I appended "*.* @@:514" in the router running shorewall so that I can centralize logging, but it does not log, although port 514 has been DNATed to the local DMZ VM in shorewall rules. However, logging from all other shorewall firewall from remote instances works with "*.* @@:514". Is there a

Re: [Shorewall-users] Shorewall and port 465,587,993,995 not open

2017-02-17 Thread Zenny
> > On 02/15/2017 01:12 AM, Zenny wrote: >> On 2/15/17, Zenny <garbytr...@gmail.com> wrote: >>> Hi, >>> >>> I have shorewall 4.6 with the rules in which I have DNATted >>> required ports ( (including smtp and postfix+dovecot related >>>

Re: [Shorewall-users] Shorewall and port 465,587,993,995 not open

2017-02-15 Thread Zenny
On 2/15/17, Zenny <garbytr...@gmail.com> wrote: > Hi, > > I have shorewall 4.6 with the rules in which I have DNATted required > ports (including smtp and postfix+dovecot related ports forwarded > viz. 25, 465, 587, 993, and 995) to an internal server (a lxc VM). >

[Shorewall-users] Shorewall and port 465,587,993,995 not open

2017-02-15 Thread Zenny
Hi, I have shorewall 4.6 with the rules in which I have DNATted required ports (including smtp and postfix+dovecot related ports forwarded viz. 25, 465, 587, 993, and 995) to an internal server (a lxc VM). However, on the machine that I run Shorewall, it says only port 25 is open, but not

[Shorewall-users] Shorewall 4.6 and Suricata integration in Proxmox 4.1

2017-02-13 Thread Zenny
Hi, I added a rule for SURICATA as Tom replied in https://sourceforge.net/p/shorewall/mailman/message/34120611/ NFQUEUE(0) all all tcp http,https but that appears to stop all network. I am trying to integrate Shorewall with Suricata as stated at the end of this page

Re: [Shorewall-users] ad blocking to all connections out from a LOC zone

2016-02-15 Thread Zenny
On 2/11/16, Tom Eastep <teas...@shorewall.net> wrote: > On 02/10/2016 10:53 AM, Zenny wrote: >> On 2/10/16, Tom Eastep <teas...@shorewall.net> wrote: >>> On 2/9/2016 10:08 AM, Zenny wrote: >>>> On 2/9/16, Tom Eastep <teas...@shorewall.net>

Re: [Shorewall-users] ad blocking to all connections out from a LOC zone

2016-02-10 Thread Zenny
On 2/10/16, Tom Eastep <teas...@shorewall.net> wrote: > On 2/9/2016 10:08 AM, Zenny wrote: >> On 2/9/16, Tom Eastep <teas...@shorewall.net> wrote: >>> On 02/09/2016 07:31 AM, Zenny wrote: >>>> Hi, >>>> >>>> Usually I add restrict

[Shorewall-users] ad blocking to all connections out from a LOC zone

2016-02-09 Thread Zenny
Hi, Usually I add restricted URLs from lists like adaway to /etc/hosts file to a client computer. But is there a way to implement all over a certain zone (usually LOC) from the shorewall itself? Thanks! /z

Re: [Shorewall-users] ad blocking to all connections out from a LOC zone

2016-02-09 Thread Zenny
On 2/9/16, Tom Eastep <teas...@shorewall.net> wrote: > On 02/09/2016 07:31 AM, Zenny wrote: >> Hi, >> >> Usually I add restricted URLs from lists like adaway to /etc/hosts >> file to a client computer. >> >> But is there a way to implement

Re: [Shorewall-users] rule for allowing users in LOC zone to the websites running in DMZ zone

2016-02-02 Thread Zenny
Thanks Tom, Jeremy for pointing to FAQ2 which solved the issue. Thanks to Damiano for hinting about unNATed network configuration. Cheers, /z On 1/31/16, Damiano Verzulli wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Il 30/01/2016 17:55, Jeremy Baker ha

Re: [Shorewall-users] rule for allowing users in LOC zone to the websites running in DMZ zone

2016-01-29 Thread Zenny
On 1/30/16, Tom Eastep <teas...@shorewall.net> wrote: > On 1/29/2016 10:58 AM, Zenny wrote: >> Hi, >> >> I am using 3-interface shorewall and working very well. However, I >> could not figure out how can the users in LOC zone access the websites >> running

[Shorewall-users] rule for allowing users in LOC zone to the websites running in DMZ zone

2016-01-29 Thread Zenny
Hi, I am using 3-interface shorewall and working very well. However, I could not figure out how can the users in LOC zone access the websites running in DMZ zone? Appending: Web(ACCEPT) loc dmz:192.168.10.111 to rules didn't do as expected. Instead, trying to access the websites running in

[Shorewall-users] shorewall in edge router lite (ERL3)

2016-01-29 Thread Zenny
Hi, Since EdgeOS (vyos) does not have a zone based firewall by default in addition to the cli based solutions as described here (https://help.ubnt.com/hc/en-us/articles/204952154-EdgeMAX-Zone-Policy-CLI-Example) is a PITA, has someone deployed shorewall to EdgeRouterLite3? I searched around, but

Re: [Shorewall-users] Shorewall in a remote Openvz HN

2014-01-01 Thread Zenny
Thanks, Roberto for the pointer. I shall have a look. Happy New Year! On 12/31/13, Roberto C. Sánchez robe...@connexer.com wrote: On Tue, Dec 31, 2013 at 10:53:05AM +0100, Zenny wrote: Forgot to mention in my previous query that the machine has no loc (it is a remote machine). Only a machine

[Shorewall-users] Shorewall in a remote Openvz HN

2013-12-31 Thread Zenny
the alias eth0:1. Is routing through an alias (eth0:1) possible using shorewall? Or is there any working examples? I am using CentOS5.10. Inputs appreciated! Thanks! /zenny

Re: [Shorewall-users] Among 3 interfaces LAN does not reach Internet Suddenly

2013-07-05 Thread Zenny
BOOTPROTO=static BROADCAST=192.168.9.255 HWADDR=00:30:F1:10:9E:AE IPADDR=192.168.9.254 NETMASK=255.255.255.0 NETWORK=192.168.9.0 ONBOOT=yes Thanks and have a nice weekend! On 7/5/13, Tom Eastep teas...@shorewall.net wrote: On 07/04/2013 12:14 AM, Zenny wrote: Hi Tom: Did you get the shorewall dump

[Shorewall-users] Among 3 interfaces LAN does not reach Internet Suddenly

2013-07-02 Thread Zenny
Hi: Two shorewall boxes are installed in two different places with latest stable versions with three interfaces (eth0 (NET), eth1 (LAN) and eth2 (DMZ)), and running without any hitches for 3 years with the same configuration. All of a sudden a few days back, the LAN in both places stopped reaching

[Shorewall-users] how to incorporate some security features in shorewall?

2013-05-04 Thread Zenny
There are very interesting security enhancement at http://www.yolinux.com/TUTORIALS/LinuxTutorialInternetSecurity.html using iptables. It would be interesting to learn how they could be integrated into shorewall rules/policy like http://www.spamhaus.org/drop/drop.lasso list,

Re: [Shorewall-users] shorewall + asterisk

2012-02-28 Thread Zenny
Simon is right. Shorewall maintains its own space without affecting anything except iptables because it is a wrapper to iptables. Shorewall.net has the most comprehensive set of documents compared to that of FreeBSD. Any confusion gets settled by visiting the shorewall documentation, it is that

Re: [Shorewall-users] shorewall + asterisk

2012-02-27 Thread Zenny
Please check the two interface example from http://shorewall.net/two-interface.htm And open the ports that you need for asterisk viz. 3178 for STUN UDP 4569 for IAX2 TCP 5060-5090 for SIP TCP 1-2 for RTP UDP Hope this helps. On 2/28/12, Costantino watchs...@yahoo.co.uk wrote: I have