Re: [Shorewall-users] connection issue through shorewall firewall with TPROXY

Tue, 23 May 2017 20:49:29 -0700 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 05/23/2017 06:45 PM, Tom Eastep wrote:
> On 05/23/2017 02:02 PM, Vieri Di Paola wrote:
> 
>> ________________________________ From: Tom Eastep 
>> <[email protected]>
>>> 
>>> Does 'ss -tnap | fgrep 3129' produce any output.
> 
> 
>> Yes.
> 
>> # ss -tnap | fgrep 3129 LISTEN     0      128         :::3129 
>> :::*                   users:(("squid",pid=8990,fd=207))
> 
> 
> Okay -- please send another dump that contains that entry...
> 

Before you do that, take a look at your dmz->fw rules -- you are only
allowing ports 80 and 443 to a restricted set of hosts with private IP
addresses:

    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0
10.215.144.91        multiport dports 80,443
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0
10.215.145.81        multiport dports 80,443
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0
10.215.145.241       multiport dports 80,443
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0
10.215.145.242       multiport dports 80,443

- -Tom
- -- 
Tom Eastep        \   Q: What do you get when you cross a mobster with
Shoreline,         \     an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't
http://shorewall.org \   understand
                      \_______________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJZJQJBAAoJEJbms/JCOk0QzecP/3/vBq1/Yp+dEKY1XHRHvHLU
Ya4vin6J06E3ofnr01+p574C6fHS+BxRV5nl7hl4o+Eqj+9aKotX/odco2SxlgEK
Jp0t6HjZ7VxAZ4jXjQ+e6Uj+xS0ZpU11uGFptgJ30jerL/oqlOBX7zUTTcDpwJlO
wE7YGGzir38TSf60FlXCEbXFCUGJ4Tgz2wG0wgtih9d6/0wWZ12KmC9+rhgUFJYp
YbNvhXP3Gx7RSU/283jh3qISREyzpXSEeBWZjT4Zj1XL5S0+rAYBBYARq+QoRx5X
ae9zyieqJQAd1NgfartHyHl/e8i+3qOF7Y0+aUSUGpq2EyGezvRqqQ5QOrcwpThE
RrBG3HC2gk+/rn69eJEBovG5gLRrNSkX4yh9nqLyEY8DeHxSRauQq9apIlCOoDiC
okHu1lslmPK/0Zg3ngciGI3S5R4ZiSfHP3ws8tLgZtS7jmXJJhBgW0gHXhXtNLg7
t6PR9BXS//tWsqhRZZ2RaS9cnk9GYiP4k+TCIVjhYe9oEes4NMnfQ1y9cIwj37vX
4AN0dMDyWidsUhPN+fxJ2lS+W1JybaDw6qbWFKbZwwF6tbGqlgOwacVKWLs/Z774
mFaqHz0klDhf/3PeDK75YFQIBEVWFD6NHSOZrKlolzFbVRg93VZT6J6lsZ0Fom3l
KWcyC8+1LGtINlX6M6fV
=EMIo
-----END PGP SIGNATURE-----

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to