On 6/14/21, Benny Pedersen wrote:
> On 2021-06-14 09:44, Zenny wrote:
>
>> Outside is already loopback-only mode.
>>
>> Did I miss something?
>
> is there a mx i can check ? :=)
yep mx.freeregistrar.net (it was a working instance and suddenly
stopped working)
On 6/14/21, Zenny wrote:
> On 6/14/21, Benny Pedersen wrote:
>> On 2021-06-14 08:04, Zenny wrote:
>>
>>> root@server2:~# netstat -lnp | grep :25
>>> tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 27946/master
>
On 6/14/21, Benny Pedersen wrote:
> On 2021-06-14 08:04, Zenny wrote:
>
>> root@server2:~# netstat -lnp | grep :25
>> tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 27946/master
>>
>> Where did I miss the wagon?
>
>
On 6/14/21, Zenny wrote:
> Thanks Benny for querying.
>
> On 6/14/21, Benny Pedersen wrote:
>> On 2021-06-13 22:19, Zenny wrote:
>>
>>> I have disabled ipv6 and pve-firewall and ufw completely in the
>>> proxmox host and the lxc guest respectively, fyi.
Thanks Benny for querying.
On 6/14/21, Benny Pedersen wrote:
> On 2021-06-13 22:19, Zenny wrote:
>
>> I have disabled ipv6 and pve-firewall and ufw completely in the
>> proxmox host and the lxc guest respectively, fyi.
>>
>> Any inputs to overcome this is
Hi,
I am running a NATed mailserver in a lxc container in a Proxmox4 host,
the latter uses Shorewall 4.6 (my favorite). I have detailed the setup
and the inbound smtp traffic blockage in
https://forum.proxmox.com/threads/sending-and-receiving-emails-issue.55531/post-396570
with the iptables-save
Add a rule like net (public ip) and dmz (destination):
DNAT net dmz:y.y.y.y:5060 udp 5061
On Fri, Mar 23, 2018 at 8:18 AM, Zenny <garbytr...@gmail.com> wrote:
> Use DNAT. http://shorewall.net/FAQ.htm#DNS-DNAT Hope this helps.
>
>
>
> On F
Use DNAT. http://shorewall.net/FAQ.htm#DNS-DNAT Hope this helps.
On Fri, Mar 23, 2018 at 6:24 AM, Andrea Bodrati wrote:
> Greetings,
> I'm trying to write the following rules in /etc/shorewall/rules but I
> can't find any reference on how to do that :
> iptables -t nat -I
On Thu, Feb 22, 2018 at 6:09 PM, Zenny <garbytr...@gmail.com> wrote:
> On Wed, Feb 21, 2018 at 8:28 PM, Tom Eastep <teas...@shorewall.net> wrote:
>
>> Resending this, as the SF mail list problems seemed to have lost the
>> original.
>>
>> On 02/19/2018 1
On Wed, Feb 21, 2018 at 8:28 PM, Tom Eastep <teas...@shorewall.net> wrote:
> Resending this, as the SF mail list problems seemed to have lost the
> original.
>
> On 02/19/2018 11:36 PM, Zenny wrote:
> > Hi,
> >
> > I am planning to add wireguard.io
Hi,
I am planning to add wireguard.io interface (wg0) to the running
three-interface shorewall (I do not use too complex vyatta-firewall with
(net,loc and dmz) as explained at
https://github.com/Lochnair/vyatta-wireguard and
On Thu, Feb 8, 2018 at 9:11 PM, Tom Eastep <teas...@shorewall.net> wrote:
> On 02/08/2018 10:52 AM, Zenny wrote:
> > On Thu, Feb 8, 2018 at 5:22 PM, Tom Eastep <teas...@shorewall.net
> > <mailto:teas...@shorewall.net>> wrote:
> >
> > On 0
On Thu, Feb 8, 2018 at 5:22 PM, Tom Eastep <teas...@shorewall.net> wrote:
> On 02/08/2018 02:07 AM, Zenny wrote:
> > Hi,
> >
> > I am trying to figure out to establish one-to-one NAT to a single
> > development VM instance running in LOC network to cater it a
Hi,
I am trying to figure out to establish one-to-one NAT to a single
development VM instance running in LOC network to cater it as if it is in
the DMZ network.
Appreciate your inputs. Thanks.
--
Cheers,
/z
-.. .. ... -.-. .-.. .- .. -- . .-. | -.. .. ... -.-. .-.. .- .. -- . .-.
> On 15 May 2017 19:16:06 GMT+02:00, Tom Eastep <teas...@shorewall.net>
> wrote:
>>-BEGIN PGP SIGNED MESSAGE-
>>Hash: SHA256
>>
>>On 05/15/2017 09:21 AM, Zenny wrote:
>>> Thanks Tom for your input.
>>>
>>> But I have the port
dmz ACCEPT
Yet it didn't seem to work.
On 5/15/17, Tom Eastep <teas...@shorewall.net> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On 05/14/2017 10:07 AM, Zenny wrote:
>> Hi,
>>
>> I appended "*.* @@:514" in
Hi,
I appended "*.* @@:514" in the router
running shorewall so that I can centralize logging, but it does not
log, although port 514 has been DNATed to the local DMZ VM in
shorewall rules. However, logging from all other shorewall firewall
from remote instances works with "*.* @@:514".
Is there a
>
> On 02/15/2017 01:12 AM, Zenny wrote:
>> On 2/15/17, Zenny <garbytr...@gmail.com> wrote:
>>> Hi,
>>>
>>> I have shorewall 4.6 with the rules in which I have DNATted
>>> required ports (including smtp and postfix+dovecot related
>>>
On 2/15/17, Zenny <garbytr...@gmail.com> wrote:
> Hi,
>
> I have shorewall 4.6 with the rules in which I have DNATted required
> ports (including smtp and postfix+dovecot related ports forwarded
> viz. 25, 465, 587, 993, and 995) to an internal server (a lxc VM).
>
Hi,
I have shorewall 4.6 with the rules in which I have DNATted required
ports (including smtp and postfix+dovecot related ports forwarded
viz. 25, 465, 587, 993, and 995) to an internal server (a lxc VM).
However, on the machine that I run Shorewall, it says only port 25 is
open, but not
Hi,
I added a rule for SURICATA as Tom replied in
https://sourceforge.net/p/shorewall/mailman/message/34120611/
NFQUEUE(0) all all tcp http,https
but that appears to stop all network. I am trying to integrate
Shorewall with Suricata as stated at the end of this page
On 2/11/16, Tom Eastep <teas...@shorewall.net> wrote:
> On 02/10/2016 10:53 AM, Zenny wrote:
>> On 2/10/16, Tom Eastep <teas...@shorewall.net> wrote:
>>> On 2/9/2016 10:08 AM, Zenny wrote:
>>>> On 2/9/16, Tom Eastep <teas...@shorewall.net>
On 2/10/16, Tom Eastep <teas...@shorewall.net> wrote:
> On 2/9/2016 10:08 AM, Zenny wrote:
>> On 2/9/16, Tom Eastep <teas...@shorewall.net> wrote:
>>> On 02/09/2016 07:31 AM, Zenny wrote:
>>>> Hi,
>>>>
>>>> Usually I add restrict
Hi,
Usually I add restricted URLs from lists like adaway to /etc/hosts
file to a client computer.
But is there a way to implement all over a certain zone (usually LOC)
from the shorewall itself?
Thanks!
/z
On 2/9/16, Tom Eastep <teas...@shorewall.net> wrote:
> On 02/09/2016 07:31 AM, Zenny wrote:
>> Hi,
>>
>> Usually I add restricted URLs from lists like adaway to /etc/hosts
>> file to a client computer.
>>
>> But is there a way to implement
Thanks Tom, Jeremy for pointing to FAQ2 which solved the issue.
Thanks to Damiano for hinting about unNATed network configuration.
Cheers,
/z
On 1/31/16, Damiano Verzulli wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Il 30/01/2016 17:55, Jeremy Baker ha
On 1/30/16, Tom Eastep <teas...@shorewall.net> wrote:
> On 1/29/2016 10:58 AM, Zenny wrote:
>> Hi,
>>
>> I am using 3-interface shorewall and working very well. However, I
>> could not figure out how can the users in LOC zone access the websites
>> running
Hi,
I am using 3-interface shorewall and working very well. However, I
could not figure out how can the users in LOC zone access the websites
running in DMZ zone?
Appending:
Web(ACCEPT) loc dmz:192.168.10.111
to rules didn't do as expected. Instead, trying to access the websites
running in
Hi,
Since EdgeOS (vyos) does not have a zone based firewall by default in
addition to the cli based solutions as described here
(https://help.ubnt.com/hc/en-us/articles/204952154-EdgeMAX-Zone-Policy-CLI-Example)
is a PITA, has someone deployed shorewall to EdgeRouterLite3?
I searched around, but
Thanks, Roberto for the pointer. I shall have a look. Happy New Year!
On 12/31/13, Roberto C. Sánchez robe...@connexer.com wrote:
On Tue, Dec 31, 2013 at 10:53:05AM +0100, Zenny wrote:
Forgot to mention in my previous query that the machine has no loc (it
is a remote machine). Only a machine
the alias
eth0:1.
Is routing through an alias (eth0:1) possible using shorewall? Or is
there any working examples? I am using CentOS5.10. Inputs appreciated!
Thanks!
/zenny
BOOTPROTO=static
BROADCAST=192.168.9.255
HWADDR=00:30:F1:10:9E:AE
IPADDR=192.168.9.254
NETMASK=255.255.255.0
NETWORK=192.168.9.0
ONBOOT=yes
Thanks and have a nice weekend!
On 7/5/13, Tom Eastep teas...@shorewall.net wrote:
On 07/04/2013 12:14 AM, Zenny wrote:
Hi Tom:
Did you get the shorewall dump
Hi:
Two shorewall boxes are installed in two different places with latest
stable versions with three interfaces (eth0NET, eth1LAN and
eth2DMZ), and running without any hitches for 3 years with the same
configuration .
All of a sudden a few days back, the LAN in both places stopped
reaching
There are very interesting security enhancements at
http://www.yolinux.com/TUTORIALS/LinuxTutorialInternetSecurity.html
using iptables.
It would be interesting to learn how they could be integrated into
shorewall rules/policy like http://www.spamhaus.org/drop/drop.lasso
list,
Simon is right. Shorewall maintains its own space without affecting
anything except iptables because it is a wrapper to iptables.
Shorewall.net has the most comprehensive set of documents compared to
that of FreeBSD. Any confusion gets settled by visiting the shorewall
documentation, it is that
Please check the two interface example from
http://shorewall.net/two-interface.htm
And open the ports that you need for asterisk viz.
3178 for STUN UDP
4569 for IAX2 TCP
5060-5090 for SIP TCP
1-2 for RTP UDP
Hope this helps.
On 2/28/12, Costantino watchs...@yahoo.co.uk wrote:
I have