Re: CT-based firewall rules?

2018-02-22 Thread john doe
On 2/23/2018 2:07 AM, Rodary Jacques wrote: When I reboot, what program is responsible for "CT-based firewall rule" (dixit journalctl). I would like to have my own firewall rules, and for now, I must flush those "CT-based firewall rules" before I set my own. Again it

CT-based firewall rules?

2018-02-22 Thread Rodary Jacques
When I reboot, what program is responsible for "CT-based firewall rule" (dixit journalctl). I would like to have my own firewall rules, and for now, I must flush those "CT-based firewall rules" before I set my own. Again it's not too important, since I don't

Re: firewall rules for NAT

2017-07-01 Thread Igor Cicimov
On 1 Jul 2017 7:31 pm, "Pascal Hambourg" wrote: On 01/07/2017 at 03:25, Igor Cicimov wrote: > > You know what, i just checked the iptables rules the op sent again and > realized this: > > -A POSTROUTING -d 10.7.33.109/32 -p tcp -m tcp > > --dport 25 -j SNAT --to-source

Re: firewall rules for NAT

2017-07-01 Thread Brad Rogers
On Sat, 1 Jul 2017 13:25:30 +0200 Pascal Hambourg wrote: Hello Pascal, >Are you sure that your mailer displays the plain text version, not the >HTML version ? I'll change my answer; I only looked at a couple of Igor's messages and they were fine. However, further study shows that in some pos

Re: firewall rules for NAT

2017-07-01 Thread Brad Rogers
On Sat, 1 Jul 2017 13:25:30 +0200 Pascal Hambourg wrote: Hello Pascal, >Are you sure that your mailer displays the plain text version, not the >HTML version ? Positive. I use Claws Mail *without* any HTML plugin. -- Regards _ / ) "The blindingly obvious is / _)r

Re: firewall rules for NAT

2017-07-01 Thread Pascal Hambourg
On 01/07/2017 at 12:54, Brad Rogers wrote: On Sat, 1 Jul 2017 11:30:41 +0200 Pascal Hambourg wrote: Hello Pascal, PS. Igor, the plain text version of your posts does not properly mark the quoted text from the message you reply to : it appears as if it was your text, without any quotation ma

Re: firewall rules for NAT

2017-07-01 Thread Brad Rogers
On Sat, 1 Jul 2017 11:30:41 +0200 Pascal Hambourg wrote: Hello Pascal, >PS. Igor, the plain text version of your posts does not properly mark >the quoted text from the message you reply to : it appears as if it was >your text, without any quotation marks. It's fine here. -- Regards _

Re: firewall rules for NAT

2017-07-01 Thread Pascal Hambourg
On 01/07/2017 at 03:25, Igor Cicimov wrote: You know what, i just checked the iptables rules the op sent again and realized this: -A POSTROUTING -d 10.7.33.109/32 -p tcp -m tcp --dport 25 -j SNAT --to-source 10.7.33.100 is NOT how you would do SNAT with DNAT, you norm

Re: firewall rules for NAT

2017-06-30 Thread Igor Cicimov
On 1 Jul 2017 7:13 am, "Pascal Hambourg" wrote: On 30/06/2017 at 15:09, Igor Cicimov wrote: > On Fri, Jun 30, 2017 at 3:50 PM, Pascal Hambourg > wrote: > >> >> Stateful NAT requires symmetric routing, i.e. reply packets go through the >> router that did the NAT operations on original packets

Re: firewall rules for NAT

2017-06-30 Thread Pascal Hambourg
On 30/06/2017 at 15:09, Igor Cicimov wrote: On Fri, Jun 30, 2017 at 3:50 PM, Pascal Hambourg wrote: Stateful NAT requires symmetric routing, i.e. reply packets go through the router that did the NAT operations on original packets and keeps the state for these NAT operations. With the host a

Re: firewall rules for NAT

2017-06-30 Thread Igor Cicimov
On Fri, Jun 30, 2017 at 3:50 PM, Pascal Hambourg wrote: > On 30/06/2017 at 00:38, Igor Cicimov wrote: > >> On 29 Jun 2017 6:32 pm, "Lucio Crusca" wrote: >> >>> >>> On 27/06/2017 23:35, Pascal Hambourg wrote: >>> >>> On 27/06/2017 at 13:29, Lucio Crusca wrote: -A POSTROUTING -d

Re: firewall rules for NAT

2017-06-29 Thread Pascal Hambourg
On 30/06/2017 at 00:38, Igor Cicimov wrote: On 29 Jun 2017 6:32 pm, "Lucio Crusca" wrote: On 27/06/2017 23:35, Pascal Hambourg wrote: On 27/06/2017 at 13:29, Lucio Crusca wrote: -A POSTROUTING -d 10.7.33.109/32 -p tcp -m tcp --dport 25 -j SNAT --to-source 10.7.33.100 If this rul

Re: firewall rules for NAT

2017-06-29 Thread Igor Cicimov
On 29 Jun 2017 6:32 pm, "Lucio Crusca" wrote: On 27/06/2017 23:35, Pascal Hambourg wrote: > On 27/06/2017 at 13:29, Lucio Crusca wrote: > >> >> -A POSTROUTING -d 10.7.33.109/32 -p tcp -m tcp --dport 25 -j SNAT >> --to-source 10.7.33.100 >> >> > If this rule is required, then your routing

Re: firewall rules for NAT

2017-06-29 Thread Lucio Crusca
On 27/06/2017 23:35, Pascal Hambourg wrote: On 27/06/2017 at 13:29, Lucio Crusca wrote: -A POSTROUTING -d 10.7.33.109/32 -p tcp -m tcp --dport 25 -j SNAT --to-source 10.7.33.100 If this rule is required, then your routing setup is wrong. Thank you very much, that was the problem. My

Re: firewall rules for NAT

2017-06-28 Thread Igor Cicimov
On 27 Jun 2017 9:29 pm, "Lucio Crusca" wrote: On 26/06/2017 11:35, Dan Purgert wrote: > That shouldn't be happening -- you may have an errant rule you didn't > show > I think I did show that rule: -A POSTROUTING -d 10.7.33.109/32 -p tcp -m tcp --dport 25 -j SNAT --to-source 10.7.33.100

Re: firewall rules for NAT

2017-06-27 Thread Pascal Hambourg
On 27/06/2017 at 13:29, Lucio Crusca wrote: -A POSTROUTING -d 10.7.33.109/32 -p tcp -m tcp --dport 25 -j SNAT --to-source 10.7.33.100 The problem is that without that rule things do not work at all (connections time out). If this rule is required, then your routing setup is wrong. What is t

Re: firewall rules for NAT

2017-06-27 Thread Lucio Crusca
On 26/06/2017 11:35, Dan Purgert wrote: That shouldn't be happening -- you may have an errant rule you didn't show I think I did show that rule: -A POSTROUTING -d 10.7.33.109/32 -p tcp -m tcp --dport 25 -j SNAT --to-source 10.7.33.100 The problem is that without that rule things do not

Re: firewall rules for NAT

2017-06-26 Thread Dan Purgert
Lucio Crusca wrote: >[...] > It works like a charm, but there is one problem: my mail server receives > all the connections from the router, which has its own private IP > address (10.7.33.100), so the mail server can't enforce SPF policies nor > DNS RBL rules on incoming mail connections. That

firewall rules for NAT

2017-06-25 Thread Lucio Crusca
I have a server with Debian GNU/Linux as host system. The host runs several guest virtual machines, but it has only one public IP address. Each virtual machine is a QEMU/KVM Debian GNU/Linux system that runs some specific service (so I have one for websites, one for mail, one for database, o

Re: Firewall rules to block unwanted protocols on given ports

2011-03-19 Thread Boyd Stephen Smith Jr.
In <12ece38cdc9.930887499216092428.2266832439697170...@zoho.com>, johhny_at_poland77 wrote: >Does somebody have an idea what kind of iptables/pf rule I must use to >achieve this?: > >I only want to allow these connections [on the output chain]: > >on port 53 output only allow udp - dns >on po

Firewall rules to block unwanted protocols on given ports

2011-03-19 Thread johhny_at_poland77
Does somebody have an idea what kind of iptables/pf rule I must use to achieve this?: I only want to allow these connections [on the output chain]: on port 53 output only allow udp - dns on port 80 output only allow tcp - http on port 443 output only allow tcp - https on port 993 output onl

Re: DNS Firewall Rules

2003-10-12 Thread HdV
On Sat, 11 Oct 2003, James W. Thompson, II wrote: > What sort of rules should I use for DNS under iptables, I have 3 NS I > need to transfer to, then of course I also need to resolve names... > But I want to lock down the ports beyond that... I am not sure it is what you are asking for, but this

DNS Firewall Rules

2003-10-11 Thread James W. Thompson, II
What sort of rules should I use for DNS under iptables, I have 3 NS I need to transfer to, then of course I also need to resolve names... But I want to lock down the ports beyond that... -Dubbs -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAI

Re: quake/RTCW firewall rules

2002-09-30 Thread Sebastian Kapfer
On Mon, 30 Sep 2002 09:58:25 -0400 "John F Davis" <[EMAIL PROTECTED]> wrote: > Hello > > I was trying to run a RTCW (quake 3) server behind my firewall last > night. I set up the firewall iptable rules to forward udp packets of > 27690 (from memory) to my server. My friend and I were able to play

quake/RTCW firewall rules

2002-09-30 Thread John F Davis
Hello I was trying to run a RTCW (quake 3) server behind my firewall last night. I set up the firewall iptable rules to forward udp packets of 27690 (from memory) to my server. My friend and I were able to play but he said his connection was very poor. I have a 768/128K dsl line and I realize my u

Re: Firewall Rules

2001-01-09 Thread Osamu Aoki
t > are beyond my awareness -- but here's what i'd look for: > > 1) modconf -> ipv4 -> select and install ip-masq modules that > look like they'd help with what you're after. > > 2) apt-get install ipmasq ... it'll take much of the worry and > s

Re: Firewall Rules

2001-01-08 Thread will trillich
help with what you're after. 2) apt-get install ipmasq ... it'll take much of the worry and sweat out of configuring your firewall rules. 3) keep reading and soon someone will continue this thread showing where i'm all wet. -- See, if you were allowed to keep the money, you wouldn

Firewall Rules

2001-01-07 Thread JD Kitch
I have 2 nics in my Linux box. One connected to my cable modem, and the other has a windows machine attached to it, which I do masquerading for. I need to be able to connect via VPN from the windows box to an outside host. Is there a way to easily determine what ports need to be opened to ac

Re: ipchains firewall rules

2000-01-20 Thread Ethan Benson
On 20/1/2000 dyer wrote: Are the denies perhaps UDP packets? no, they are tcp, I have not yet tried to do anything about udp packets. looking closer at the way portmapper seems to do things, it appears to me that any rpc service that is registered is given a random port, not necessarily pri

Re: ipchains firewall rules

2000-01-20 Thread dyer
Ethan Benson wrote: > hi, > > > > what i tried was adding 3 new rules to the very beginning of the input chain > > ipchains -I input 1 -p tcp -i ppp0 -d 0.0.0.0/0 53 -j ACCEPT > ipchains -I input 2 -p tcp -i ppp0 -d 0.0.0.0/0 113 -j ACCEPT > ipchains -I input 3 -l -p tcp -y -i ppp0 0.0.0.0/0 :102

ipchains firewall rules

2000-01-20 Thread Ethan Benson
hi, I have a powerpc machine on which I just installed Debian (this machine is the only one with a modem). I have installed the ipmasq package which seems to do what is required. however, I have a need to mount a NFS share from another machine in the private network on the powerpc, this of c