Thanks, Tom, for taking the time to clear this up for
me. I really appreciate the help.
Chad
--- Tom Eastep <[EMAIL PROTECTED]> wrote:
> C. Albers wrote:
> > Hi Tom,
> >
> > The problem isn't so much that I have made a
> > connection
> > from loc->net on UDP port 500 (and 1), but the
> > o
Tom Eastep wrote:
> C. Albers wrote:
>> Hi Tom,
>>
>> The problem isn't so much that I have made a
>> connection
>> from loc->net on UDP port 500 (and 1), but the
>> other way around, net->loc. If I understand your
>> firewall correctly, the rules in the rules config file
>> are exceptions
C. Albers wrote:
> Hi Tom,
>
> The problem isn't so much that I have made a
> connection
> from loc->net on UDP port 500 (and 1), but the
> other way around, net->loc. If I understand your
> firewall correctly, the rules in the rules config file
> are exceptions to a net->loc DROP policy.
Hi Tom,
The problem isn't so much that I have made a
connection
from loc->net on UDP port 500 (and 1), but the
other way around, net->loc. If I understand your
firewall correctly, the rules in the rules config file
are exceptions to a net->loc DROP policy. For
example,
as an exception, I
Tom Eastep wrote:
> C. Albers wrote:
>> I have attached both dump files. I don't find
>> diff'ing
>> the files very informative. Maybe you can see
>> something that I can't.
>>
>> As far as your gut feeling goes, I have no idea how my
>> VPN traffic could not touch my firewall and get out on
>>
C. Albers wrote:
> I have attached both dump files. I don't find
> diff'ing
> the files very informative. Maybe you can see
> something that I can't.
>
> As far as your gut feeling goes, I have no idea how my
> VPN traffic could not touch my firewall and get out on
> the internet. There's only
I have attached both dump files. I don't find
diff'ing
the files very informative. Maybe you can see
something that I can't.
As far as your gut feeling goes, I have no idea how my
VPN traffic could not touch my firewall and get out on
the internet. There's only one way out of my internal
lan:
Tom Eastep wrote:
> Paul Gear wrote:
>
>> Try this:
>> 1. run 'shorewall clear' (to reset your counters)
>
> Please make that "shorewall reset" -- "shorewall clear" opens your
> firewall to the world.
Whoops! :-)
Paul
---
Paul Gear wrote:
>
> Try this:
> 1. run 'shorewall clear' (to reset your counters)
Please make that "shorewall reset" -- "shorewall clear" opens your
firewall to the world.
> 2. save your 'shorewall dump' output in a file
> 3. make a VPN connection through your firewall
> 4. save your 'shorewal
C. Albers wrote:
> Hi Paul,
>
> Sorry about that. This dump has the udp log messages
> in it that relate to the ipsec connections over port
> 500 and port 1 - which theoretically, should be
> closed, until I open them in the rules config file.
>
> The log messages occur after the "Chain t
Hi Paul,
Sorry about that. This dump has the udp log messages
in it that relate to the ipsec connections over port
500 and port 1 - which theoretically, should be
closed, until I open them in the rules config file.
The log messages occur after the "Chain tcpre"
section.
Thanks for your h
C. Albers wrote:
> Okay.
>
> Attached is the gzip shorewall dump file.
Chad,
Could you please make some VPN attempts and take a dump without
restarting Shorewall in between? I can't see any evidence of the
problem you mentioned in your original post.
Regards,
Paul
Okay.
Attached is the gzip shorewall dump file.
Thanks,
Chad
--- Tom Eastep <[EMAIL PROTECTED]> wrote:
> C. Albers wrote:
> > I'll send the dump
> > file as requested, since I don't exactly fall
> inside the #3 flowchart position on the support
> guide.
>
> I guess that I need to change the
C. Albers wrote:
> I'll send the dump
> file as requested, since I don't exactly fall inside the #3 flowchart
> position on the support guide.
I guess that I need to change the flowchart to say that "connection
problems" include the case where a connection is accepted when the user
doesn't think
age
From: Tom Eastep <[EMAIL PROTECTED]>
To: Shorewall Users
Sent: Sunday, September 24, 2006 5:17:53 PM
Subject: Re: [Shorewall-users] Shorewall and UDP port 500
C. Albers wrote:
Please configure your mailer to break lines at some reasonable width.
Your whole post is one long line!
Post your configuration files (perhaps with IP addresses removed/obfuscated) and we'll see where the hole lies!
Feel free to contact me off-list.
Regards,
Jan Mulders
On 24/09/06, Tom Eastep <[EMAIL PROTECTED]> wrote:
C. Albers wrote:
Please configure your mailer to break lines at some reasonable width.
C. Albers wrote:
Please configure your mailer to break lines at some reasonable width.
Your whole post is one long line!
> I installed shorewall 3.0.7-1 on my Debian box and pretty much ran it out of
> the box
> Is that the default behavior of shorewall? (I would have assumed that
> I need to
Hi,
I installed shorewall 3.0.7-1 on my Debian box and pretty much ran it out of
the box after adding a few macros. I'm running it on a gateway between the net
and my local lan. The other day, without thinking, I logged into my work
network using a VPN client and it worked. However, I nev