Re: [Shorewall-users] Centos7: SELinux is preventing /usr/bin/touch from 'write' accesses on the file shorewall

2017-12-17 Thread Colony.three via Shorewall-users
It's not clear what you're doing here. In several cases you have the output of ls -Z, without entering the command? Yes selinux is prohibiting from looking at {getattr}, creating {write}, or deleting {unlink} the shorewall lockfile. The correct setting for the lockfile (and the path down to

[Shorewall-users] IPSec Tunneling

2017-12-14 Thread Colony.three via Shorewall-users
I have a VM which is the LAN router, and another VM in the LAN which is the ipsec gateway. (strongswan) I'm not fully understanding the guide here; http://www.shorewall.net/IPSEC-2.6.html - Does this still apply to kernel 4.*? There isn't a

Re: [Shorewall-users] IPSec Tunneling

2017-12-15 Thread Colony.three via Shorewall-users
I did not mention IPSEC SAs. The problem with trying to access the rest > of the LAN is that response packets from other LAN systems aren't routed > back through the IPSEC endpoint. As I mentioned, you can force that to > happen by using SNAT on the endpoint host, if you are willing to accept >

Re: [Shorewall-users] IPSec Tunneling

2017-12-15 Thread Colony.three via Shorewall-users
> I'll look at what you say below Bill. > > But keep in mind that the attacks I'm concerned about are typically buffer > overflows and other sideband attacks. Directness rarely succeeds in hacking > these days. There are always unknown vulns. > > I'm suspicioning that the reason Tom says that

Re: [Shorewall-users] IPSec Tunneling

2017-12-15 Thread Colony.three via Shorewall-users
> DNAT { SOURCE=net, DEST=apps:172.20.2.44, PROTO=udp, > DPORT=500,4500, ORIGDEST=$IPSEC_IP } Tom, on this line, is IPSEC_IP something I must set? If so, would this be the router's outside IP? Could I do a command substitution like $(curl ipinfo.io/ip)

Re: [Shorewall-users] IPSec Tunneling

2017-12-15 Thread Colony.three via Shorewall-users
>> DNAT { SOURCE=net, DEST=apps:172.20.2.44, PROTO=udp, >> DPORT=500,4500, ORIGDEST=$IPSEC_IP } > > Tom, on this line, is IPSEC_IP something I must set? > > If so, would this be the router's outside IP? Could I do a command > substitution like $(curl ipinfo.io/ip) ? PS - Here's what I've cooked

Re: [Shorewall-users] Centos7: SELinux is preventing /usr/bin/touch from 'write' accesses on the file shorewall

2017-12-17 Thread Colony.three via Shorewall-users
To: shorewall-users@lists.sourceforge.net > > On Sun, 17/12/2017 at 13.10 -0500, Colony.three via Shorewall- > users wrote: > >> It's not clear what you're doing here. In several cases you have the >> output of ls -Z, without entering the command? >> >> N

Re: [Shorewall-users] Setting Up a DMZ Fail

2017-11-13 Thread Colony.three via Shorewall-users
> Original Message > Subject: Re: [Shorewall-users] Setting Up a DMZ Fail > Local Time: November 13, 2017 4:37 PM > UTC Time: November 14, 2017 12:37 AM > From: teas...@shorewall.net > To: shorewall-users@lists.sourceforge.net > > On 11/13/2017 03

Re: [Shorewall-users] Setting Up a DMZ Fail

2017-11-13 Thread Colony.three via Shorewall-users
> I've given up on trying to set up a Private Virtual Network in virt-manager > (KVM), as it does not work. (CentOS7.4 all 'round) > > So I've now assigned a hardware ethernet port to the DMZ VM and one to the > router VM, just like all the other VMs. The DMZ and router have their own IP >

[Shorewall-users] Setting Up a DMZ Fail

2017-11-13 Thread Colony.three via Shorewall-users
Typical setup. All systems running CentOS7.4 on KVM. Shorewall 5.0.14.1. Communication with DMZ by a virtual private bridge built in virt-manager, and communication between LAN machines is by SRIOT ethernet hardware. The router is a VM with 3 interfaces -- fiberoptic, LAN, DMZ. -- and I

Re: [Shorewall-users] Setting Up a DMZ Fail

2017-11-13 Thread Colony.three via Shorewall-users
> Typical setup. All systems running CentOS7.4 on KVM. Shorewall 5.0.14.1. > Communication with DMZ by a virtual private bridge built in virt-manager, and > communication between LAN machines is by SRIOT ethernet hardware. > > The router is a VM with 3 interfaces -- fiberoptic, LAN, DMZ. --

Re: [Shorewall-users] DNAT Not Working

2017-11-20 Thread Colony.three via Shorewall-users
> On 11/20/2017 09:27 AM, Colony.three via Shorewall-users wrote: > >>> Are you sure this isn't working. I can connect to the firewall's >>> external IP on port 80 and I get the Quantum Equities web site. >>> >>> -Tom >>> >>>

Re: [Shorewall-users] DNAT Not Working

2017-11-20 Thread Colony.three via Shorewall-users
> Are you sure this isn't working. I can connect to the firewall's > external IP on port 80 and I get the Quantum Equities web site. > > -Tom Hm, that's odd. My remote OpenStack instance is CentOS Minimal so no GUI. I have to use curl to

Re: [Shorewall-users] DNAT Not Working

2017-11-20 Thread Colony.three via Shorewall-users
>> If necessary, can I somehow enter it here as a system variable? >> You can use >> >> -Tom Holy cow, this saves all kinds of scripted checks and saves! Thanks for all your help Tom.

Re: [Shorewall-users] DNAT Not Working

2017-11-19 Thread Colony.three via Shorewall-users
> Do you have firewall rules to allow that traffic through? Pretty much every > time > I can’t get something like this to work it turns out to be because it’s > blocked by > the firewall. > -Les Sure. That's the purpose of the NAT command isn't it? Anyway, there are no error messages in

Re: [Shorewall-users] DNAT Not Working

2017-11-19 Thread Colony.three via Shorewall-users
I've set ACCEPT rules for net to $FW and net to dmz (not sure which applies) for http and https. Going through the FAQ here: http://shorewall.net/FAQ.htm#faq1a - I'm testing from a remote OpenStack VM (Internap) using: # curl -v http://50.35.109.212 * About to connect() to 50.35.109.212 port 80

[Shorewall-users] DNAT Not Working

2017-11-19 Thread Colony.three via Shorewall-users
Hello, I can not get DNAT to work to save my life. All machines are CentOS7 KVM virtual machines, one the internet-connected router, and the other in the DMZ. I've gone through the docs and there seem to be two methods of port-forwarding, and neither works in the router: DNAT net

Re: [Shorewall-users] Setting Up a DMZ Fail

2017-11-13 Thread Colony.three via Shorewall-users
I've given up on trying to set up a Private Virtual Network in virt-manager (KVM), as it does not work. (CentOS7.4 all 'round) So I've now assigned a hardware ethernet port to the DMZ VM and one to the router VM, just like all the other VMs. The DMZ and router have their own IP class C's

Re: [Shorewall-users] Setting Up a DMZ Fail

2017-11-13 Thread Colony.three via Shorewall-users
> We need to see the output of 'shorewall dump'. Please forward it as a > compressed attachment; you can send it to me privately if you like. > > -Tom It's a problem for me to get emails to you Tom, or I would have sent it. Spam protections have eclipsed my one-horse hosting service (which has

Re: [Shorewall-users] DNAT Port Changing

2018-01-04 Thread Colony.three via Shorewall-users
> On 01/03/2018 12:55 PM, Colony.three via Shorewall-users wrote: > >> I have a router which is a KVM VM running CentOS7. Then I have a >> LibreSwan gateway, which is another VM in the LAN, also running CentOS7. >> There are 100,0 bots out there trying to get in to any

Re: [Shorewall-users] IPSec Tunneling

2018-01-05 Thread Colony.three via Shorewall-users
On 12/14/2017 02:55 PM, cac...@quantum-sci.com wrote: >> On 12/14/2017 02:50 PM, Tom Eastep wrote: >> >>> On 12/14/2017 02:28 PM, Colony.three via Shorewall-users wrote: >>> >>>> I have a VM which is the LAN router, and another VM in the LAN which >&g

Re: [Shorewall-users] IPSec Tunneling

2018-01-05 Thread Colony.three via Shorewall-users
I'm trying to change the listening port of Libreswan using these DNAT entries in rules: DNAT net local:192.168.1.16:500 udp - 5500 DNAT net local:192.168.1.16 udp ipsec-nat-t - ... but this results in the below DROPS. Rather than

Re: [Shorewall-users] IPSec Tunneling

2018-01-05 Thread Colony.three via Shorewall-users
> I'm trying to change the listening port of Libreswan using these DNAT entries > in rules: > DNAT net local:192.168.1.16:500 udp - 5500 > DNAT net local:192.168.1.16 udp ipsec-nat-t - > > ... but this results in the below DROPS. Rather

Re: [Shorewall-users] IPSec Tunneling

2018-01-05 Thread Colony.three via Shorewall-users
> On 01/05/2018 03:02 PM, Colony.three via Shorewall-users wrote: > >> On 01/05/2018 02:25 PM, Colony.three via Shorewall-users wrote: >> >>> I'm trying to change the listening port of Libreswan using these DNAT >>> entries in rules: >>> DNAT

[Shorewall-users] UDP Getting Blocked When Unblocked (StrongSwan)

2017-12-23 Thread Colony.three via Shorewall-users
I don't understand this: [184624.505739] Shorewall:net-fw:DROP:IN=eth0 OUT= MAC=52:54:00:c0:93:30:52:54:00:d7:db:bb:08:00 SRC=85.6.183.101 DST=192.168.111.16 LEN=408 TOS=0x00 PREC=0x00 TTL=115 ID=10959 PROTO=UDP SPT=1024 DPT=500 LEN=388 [184627.506014] Shorewall:net-fw:DROP:IN=eth0 OUT=

Re: [Shorewall-users] UDP Getting Blocked When Unblocked (StrongSwan)

2017-12-24 Thread Colony.three via Shorewall-users
> I saw something similar when I neglected to add a subjectAltName > (gateway.shorewall.net) to the local endpoint's cert. > > FWIW, I've attached a log extract of a successful SA establishment. > > -Tom Hm, interesting. I've consistently used scripts from SomeRandomDude on The Internets, and

Re: [Shorewall-users] UDP Getting Blocked When Unblocked (StrongSwan)

2017-12-24 Thread Colony.three via Shorewall-users
> Original Message > Subject: Re: [Shorewall-users] UDP Getting Blocked When Unblocked (StrongSwan) > Local Time: December 24, 2017 3:03 PM > UTC Time: December 24, 2017 11:03 PM > From: teas...@shorewall.net > To: shorewall-users@lists.sourceforge.net > > On 12/24/2017 02:56 PM,

Re: [Shorewall-users] UDP Getting Blocked When Unblocked (StrongSwan)

2017-12-24 Thread Colony.three via Shorewall-users
> IPSEC configuration issue. I previously posted Strongswan config files > for my working DNAT setup. > > -Tom True, and I'm basing my endpoint (IPSEC gateway) config on that: conn %default ikelifetime=60m keylife=20m rekeymargin=3m keyingtries=3 keyexchange=ikev2 conn ipv4 left=192.168.111.16

Re: [Shorewall-users] UDP Getting Blocked When Unblocked (StrongSwan)

2017-12-24 Thread Colony.three via Shorewall-users
On 12/24/2017 12:59 PM, Tom Eastep wrote: > After a bit of a hassle with certs, I got it working. > > a) I used the StrongSwan Simple CA > (https://wiki.strongswan.org/projects/strongswan/wiki/SimpleCA) to > generate my certs, with a subjectAltName. The subjectAltName of the > local endpoint is

Re: [Shorewall-users] UDP Getting Blocked When Unblocked (StrongSwan)

2017-12-24 Thread Colony.three via Shorewall-users
> Just as a FYI: I have OpenVPN set up and working on my android phone. > > I generated a CA cert and then a cert for my phone using xca (GUI interface). > > Bill Good to know. I'd originally decided on IPSec because it's universally used in business, and is regarded to be the most secure, at

Re: [Shorewall-users] UDP Getting Blocked When Unblocked (StrongSwan)

2017-12-24 Thread Colony.three via Shorewall-users
> I would think you would want: > interfaces: > - eth0 routefilter=0,logmartians=1 > hosts: > vpn eth0:172.58.43.0/24 > net eth0:0.0.0.0/0 > > I'm assuming 172.58.43.0/24 is a private subnet (RFC1918). > > Bill 172. is from my phone on a national carrier, and

Re: [Shorewall-users] IPSec Tunneling

2018-01-07 Thread Colony.three via Shorewall-users
> Have you tried comparing the packets arriving from the net with those being > sent to the IPSEC endpoint? > > -Tom The following three monitors are recording the same attempt to connect. First, on the LAN router, listening to the outside interface: # tcpdump -vv -i eth0 'udp port 5500 and

Re: [Shorewall-users] IPSec Tunneling

2018-01-07 Thread Colony.three via Shorewall-users
> I don't know about Libreswan, but Strongswan has options to change the > > IKE and NAT-T ports (charon.port and charon.port_nat_5 respectively). > > -Tom Libreswan does as well, although the devs (who are very helpful) assure me it doesn't work. I'll try it anyway like the smartass I am.

[Shorewall-users] Generalized IPSec

2018-01-09 Thread Colony.three via Shorewall-users
We have LAN, made up of a number of KVM virtual machines, one of which is the router for the WAN and another is the IPSec gateway. (Libreswan) I have DNAT working fine from the (internal) IPSec gateway through the router to my phone and back. A while ago Tom gave me an iptables command to

Re: [Shorewall-users] IPSec Tunneling

2018-01-07 Thread Colony.three via Shorewall-users
>> Libreswan does as well, although the devs (who are very helpful) assure >> me it doesn't work. > > Bummer. Indeed when putting in ipsec.conf, the config setup section (as called for in man ipsec.conf): ikeport = 5500 ... and restarting, it merrily disobeys and stays on 500. And interfaces =

Re: [Shorewall-users] IPSec Tunneling

2018-01-06 Thread Colony.three via Shorewall-users
> On 01/06/2018 04:07 PM, Colony.three via Shorewall-users wrote: > >>> Original Message >>> Subject: Re: [Shorewall-users] IPSec Tunneling >>> Local Time: January 5, 2018 3:41 PM >>> UTC Time: January 5, 2018 11:41 PM >>> From:

Re: [Shorewall-users] IPSec Tunneling

2018-01-05 Thread Colony.three via Shorewall-users
On 01/05/2018 02:25 PM, Colony.three via Shorewall-users wrote: >> I'm trying to change the listening port of Libreswan using these DNAT >> entries in rules: >> DNATnet local:192.168.1.16:500 udp - 5500 >> DNATnet

Re: [Shorewall-users] IPSec Tunneling

2018-01-06 Thread Colony.three via Shorewall-users
>> On 01/05/2018 03:02 PM, Colony.three via Shorewall-users wrote: >> >>> On 01/05/2018 02:25 PM, Colony.three via Shorewall-users wrote: >>> >>>> I'm trying to change the listening port of Libreswan using these DNAT >>>> entries in rules: >>&

[Shorewall-users] Strongswan is Busted

2017-12-28 Thread Colony.three via Shorewall-users
I am at a complete loss. I know this is not the Strongswan forum, but they are unresponsive with all methods of communication -- and now I see why. My personal opinion is that Strongswan is only rumored to work, but actually works in the sense that a puppet does. Sure Tom says he got it to

Re: [Shorewall-users] Strongswan is Busted

2017-12-28 Thread Colony.three via Shorewall-users
On 28.12.2017 at 22:51 Colony.three via Shorewall-users wrote: >> I am at a complete loss. I know this is not the Strongswan forum, > > Yes it is not and Tom in his incredible helpfulness tried to get you > through shallows of networking. > > Now it appears that you had p

Re: [Shorewall-users] DNAT and UDP

2017-12-28 Thread Colony.three via Shorewall-users
> As one of the Libreswan authors I'd note it's "Libreswan" - no capital > letters in the middle of the name, please. > > When suggesting manual keying, please note it is horribly insecure and should > not be used: > > https://tools.ietf.org/html/rfc8221#section-3 > > Tuomo Soini t...@foobar.fi

Re: [Shorewall-users] UDP Getting Blocked When Unblocked (StrongSwan)

2017-12-27 Thread Colony.three via Shorewall-users
ts.sourceforge.net > > On 12/24/2017 12:59 PM, Tom Eastep wrote: > >> On 12/24/2017 12:45 PM, Colony.three via Shorewall-users wrote: >> >>>> I saw something similar when I neglected to add a subjectAltName >>>> (gateway.shorewall.net <http://gateway.shore

Re: [Shorewall-users] UDP Getting Blocked When Unblocked (StrongSwan)

2017-12-27 Thread Colony.three via Shorewall-users
Simple CA is the procedure I've been using too. >> Dec 27 14:29:54 zeta charon: 05[NET] received packet: from >> 172.58.43.66[21321] to 192.168.111.16[500] (704 bytes) >> Dec 27 14:29:54 zeta charon: 05[ENC] parsed IKE_SA_INIT request 0 [ SA KE No >> N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP)

Re: [Shorewall-users] UDP Getting Blocked When Unblocked (StrongSwan)

2017-12-27 Thread Colony.three via Shorewall-users
> The Cert isn't involved in the IKE_SA_INIT request. Verification of the > cert occurs in the IKE_AUTH request. What are the messages generated > when you start your local StrongSwan config? > > -Tom I don't see anything abnormal... although I do not see it calling

Re: [Shorewall-users] UDP Getting Blocked When Unblocked (StrongSwan)

2017-12-27 Thread Colony.three via Shorewall-users
On 12/27/2017 03:27 PM, Colony.three via Shorewall-users wrote: > >> Dec 27 15:20:49 zeta charon: 00[CFG] loading secrets from >> '/etc/strongswan/ipsec.secrets' >> Dec 27 15:20:49 zeta charon: 00[LIB] opening >> '/etc/strongswan/ipsec.d/private/quantumKey.pem' fail

Re: [Shorewall-users] UDP Getting Blocked When Unblocked (StrongSwan)

2017-12-27 Thread Colony.three via Shorewall-users
On 12/27/2017 03:46 PM, Colony.three via Shorewall-users wrote: > >>> Original Message >>> Subject: Re: [Shorewall-users] UDP Getting Blocked When Unblocked >>> (StrongSwan) >>> Local Time: December 27, 2017 3:31 PM >>&

Re: [Shorewall-users] UDP Getting Blocked When Unblocked (StrongSwan)

2017-12-27 Thread Colony.three via Shorewall-users
> Hm, I am not seeing any evidence that the daemon is picking up my > /etc/strongswan/strongswan.d/bills-strongswan.conf nor > /etc/strongswan/ipdec.d/bills-ipsec.conf . But then, it's not noting yours > either, assuming you have your own ipsec.conf and strongswan.conf . > > These are my main

[Shorewall-users] DNAT Port Changing

2018-01-03 Thread Colony.three via Shorewall-users
I have a router which is a KVM VM running CentOS7. Then I have a LibreSwan gateway, which is another VM in the LAN, also running CentOS7. There are 100,0 bots out there trying to get in to any and all ports, ready and armed with the right known vulns and 0-days for the normal ports, so I'd

Re: [Shorewall-users] Fw: IPV6 Tunnel Ping Fail

2018-04-06 Thread colony.three--- via Shorewall-users
‐‐‐ Original Message ‐‐‐ On April 6, 2018 11:58 AM, wrote: > > > ‐‐‐ Original Message ‐‐‐ > > On April 6, 2018 11:44 AM, Tom Eastep teas...@shorewall.net wrote: > > > > After shorewall6 clear, ping6 just hangs. > > > > > > ping6 google.com > >

[Shorewall-users] IPV6 Tunnel Ping Fail

2018-04-06 Thread colony.three--- via Shorewall-users
# ip address 7: he-ipv6@NONE: mtu 1480 qdisc noqueue state UNKNOWN qlen 1 link/sit 50.47.100.167 peer 216.218.226.238 inet6 2001:470:a:c3::2/64 scope global valid_lft forever preferred_lft forever inet6 fe80::322f:64a7/64 scope link

Re: [Shorewall-users] IPV6 Tunnel Ping Fail

2018-04-06 Thread colony.three--- via Shorewall-users
‐‐‐ Original Message ‐‐‐ On April 6, 2018 11:18 AM, colony.three--- via Shorewall-users <shorewall-users@lists.sourceforge.net> wrote: > # ip address > 7: he-ipv6@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue state > UNKNOWN qlen 1 > lin

Re: [Shorewall-users] Fw: IPV6 Tunnel Ping Fail

2018-04-06 Thread colony.three--- via Shorewall-users
‐‐‐ Original Message ‐‐‐ On April 6, 2018 2:32 PM, Tom Eastep <teas...@shorewall.net> wrote: > > > On 04/06/2018 01:22 PM, colony.three--- via Shorewall-users wrote: > > > ‐‐‐ Original Message ‐‐‐ > > > > On April 6, 2018 11:58

Re: [Shorewall-users] ERROR: Invalid parameter (DROP), Multicast(DROP)

2018-04-16 Thread colony.three--- via Shorewall-users
‐‐‐ Original Message ‐‐‐ On April 16, 2018 10:42 AM, Tom Eastep <teas...@shorewall.net> wrote: > > > On 04/16/2018 10:24 AM, colony.three--- via Shorewall-users wrote: > > > Anyone seen this? > > > > Nov 29 01:42:29 Compiling MAC Filtration --

Re: [Shorewall-users] ERROR: Invalid parameter (DROP), Multicast(DROP)

2018-04-16 Thread colony.three--- via Shorewall-users
‐‐‐ Original Message ‐‐‐ On April 16, 2018 10:56 AM, Tom Eastep <teas...@shorewall.net> wrote: > > > On 04/16/2018 10:50 AM, colony.three--- via Shorewall-users wrote: > > > ‐‐‐ Original Message ‐‐‐ > > > > On April 16, 2018 10:42

[Shorewall-users] ERROR: Invalid parameter (DROP),Multicast(DROP)

2018-04-16 Thread colony.three--- via Shorewall-users
Anyone seen this? Nov 29 01:42:29 Compiling MAC Filtration -- Phase 2... Nov 29 01:42:29 Applying Policies... Nov 29 01:42:29 Compiling /usr/share/shorewall/action.Broadcast for chain Broadcast... Nov 29 01:42:29 ERROR: Invalid parameter (DROP),Multicast(DROP)

Re: [Shorewall-users] ERROR: Invalid parameter (DROP), Multicast(DROP)

2018-04-16 Thread colony.three--- via Shorewall-users
‐‐‐ Original Message ‐‐‐ On April 16, 2018 11:30 AM, Tom Eastep <teas...@shorewall.net> wrote: > > > On 04/16/2018 11:03 AM, colony.three--- via Shorewall-users wrote: > > > ‐‐‐ Original Message ‐‐‐ > > > > On April 16, 2018 10:56 AM, To

Re: [Shorewall-users] ERROR: Invalid parameter (DROP), Multicast(DROP)

2018-04-16 Thread colony.three--- via Shorewall-users
‐‐‐ Original Message ‐‐‐ On April 16, 2018 12:16 PM, <colony.th...@protonmail.ch> wrote: > > > ‐‐‐ Original Message ‐‐‐ > > On April 16, 2018 11:30 AM, Tom Eastep teas...@shorewall.net wrote: > > > On 04/16/2018 11:03 AM, colony.thre

Re: [Shorewall-users] ERROR: Invalid parameter (DROP), Multicast(DROP)

2018-04-16 Thread colony.three--- via Shorewall-users
Whups, reboot fixed it. Pardon the noise.

[Shorewall-users] VPN Ping Rejected

2018-03-29 Thread colony.three--- via Shorewall-users
I don't understand why my ping through IPSec VPN is being rejected? When I 'shorewall clear', it pings. [138450.833070] Shorewall:INPUT:REJECT:IN=eth0 OUT= MAC=52:54:00:c0:93:30:52:54:00:d7:db:bb:08:00 SRC=192.168.1.114 DST=192.168.1.16 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=44281 DF PROTO=ICMP

Re: [Shorewall-users] VPN Ping Rejected

2018-03-29 Thread colony.three--- via Shorewall-users
‐‐‐ Original Message ‐‐‐ On March 29, 2018 4:08 PM, Tom Eastep <teas...@shorewall.net> wrote: > > > On 03/29/2018 04:06 PM, colony.three--- via Shorewall-users wrote: > > > On March 29, 2018 1:17 PM, Tom Eastep teas...@shorewall.net wrote: > >

Re: [Shorewall-users] VPN Ping Rejected

2018-03-29 Thread colony.three--- via Shorewall-users
On March 29, 2018 1:17 PM, Tom Eastep <teas...@shorewall.net> wrote: > > > On 03/29/2018 11:59 AM, colony.three--- via Shorewall-users wrote: > > > I don't understand why my ping through IPSec VPN is being rejected? > > > > When I 'shorewall clear

Re: [Shorewall-users] VPN Ping Rejected

2018-03-29 Thread colony.three--- via Shorewall-users
On March 29, 2018 5:02 PM, Tom Eastep wrote: > > > > ... I believe this is right when unknown IPs can come in through VPN? > > You should be assigning the remote IP address via the sourceip > > (=right or left) setting in ipsec.conf. I can't because the remote

[Shorewall-users] IPSec & IPV6

2018-04-03 Thread colony.three--- via Shorewall-users
I'm trying to convert to IPV6 but there's a little problem with the hosts file on the IPSec gateway. shorewall6 doesn't like any combination of IP ::0. As in: vpn eth0:::0 I typed out all the zeroes, used all colons, but I could not decrypt what it

Re: [Shorewall-users] IPSec & IPV6

2018-04-03 Thread colony.three--- via Shorewall-users
‐‐‐ Original Message ‐‐‐ On April 3, 2018 5:37 PM, Tom Eastep <teas...@shorewall.net> wrote: > > > On 04/03/2018 05:29 PM, colony.three--- via Shorewall-users wrote: > > > I'm trying to convert to IPV6 but there's a little problem with the > > >

Re: [Shorewall-users] IPSec Getting Blocked

2018-03-21 Thread colony.three--- via Shorewall-users
The remote phone's Strongswan app is not getting a port 4500 response back from the IPSec gateway. It's trying and waiting for a response on port 4500. ‐‐‐ Original Message ‐‐‐ On March 21, 2018 9:35 AM, wrote: > I have an IPSec gateway, which is just an

Re: [Shorewall-users] IPSec Getting Blocked

2018-03-22 Thread colony.three--- via Shorewall-users
On March 21, 2018 4:06 PM, Tom Eastep <teas...@shorewall.net> wrote: > > > If you 'shorewall clear' on the IPSEC gateway, does that correct the > > problem? > > -Tom > > On 03/21/2018 02:28 PM, colony.three--- via Shorewall-users wrote: > > >

Re: [Shorewall-users] IPSec Getting Blocked

2018-03-23 Thread colony.three--- via Shorewall-users
‐‐‐ Original Message ‐‐‐ On March 23, 2018 9:43 AM, Tom Eastep <teas...@shorewall.net> wrote: > > > On 03/22/2018 10:03 AM, colony.three--- via Shorewall-users wrote: > > > No change in the symptom with 'shorewall clear' on the IPSEC gateway.

[Shorewall-users] Shorewall Disobeying rules?

2020-08-05 Thread colony.three--- via Shorewall-users
I have struggled for days to make this work but admit I am soundly defeated. My goal is to dnat two cameras through an Odroid N2+. But I can't even get a basic ACCEPT to work on ports 80 or 443. I can't understand what is wrong. Dump is attached. Sure hope the boss is still around. [Tue Jan 30

Re: [Shorewall-users] Shorewall Disobeying rules?

2020-08-05 Thread colony.three--- via Shorewall-users
PM, colony.three--- via Shorewall-users wrote: > > > I have struggled for days to make this work but admit I am soundly defeated. > > My goal is to dnat two cameras through an Odroid N2+. But I can't even get > > a basic ACCEPT to work on ports 80 or 443. I can't understand

Re: [Shorewall-users] Shorewall Disobeying rules?

2020-08-05 Thread colony.three--- via Shorewall-users
y, August 5, 2020 9:09 AM, Tom Eastep wrote: > On 8/5/20 8:03 AM, colony.three--- via Shorewall-users wrote: > > > I have struggled for days to make this work but admit I am soundly defeated. > > My goal is to dnat two cameras through an Odroid N2+. But I can't even > > g

Re: [Shorewall-users] Shorewall Disobeying rules?

2020-08-05 Thread colony.three--- via Shorewall-users
, beware: Automake=Yes is the default. Might should be No if you consider port-forwarding. ‐‐‐ Original Message ‐‐‐ On Wednesday, August 5, 2020 10:18 AM, Tom Eastep wrote: > On 8/5/20 9:30 AM, colony.three--- via Shorewall-users wrote: > > > Thank you Tom, but actually th

Re: [Shorewall-users] Shorewall Disobeying rules?

2020-08-05 Thread colony.three--- via Shorewall-users
I see. Chrony is getting blocked. All this setup is temporary because soon it will be going through a WireGuard tunnel. ‐‐‐ Original Message ‐‐‐ On Wednesday, August 5, 2020 10:51 AM, Tom Eastep wrote: > On 8/5/20 10:30 AM, colony.three--- via Shorewall-users wrote: > >