Software :: Shorewall And Opening Certain Ports?

Aug 27, 2010

I have searched the web for this answer and I can't find it. I'm using Shorewall for my company firewall and all is working well. But I need to tweak down a few problems that I have. Employees have internet connection over a proxy server (http and https traffic), but some do need to connect to other ports not through proxy but directly. I want to add an exception to the rules. For example I want to allow that a local IP can connect to a predefined IP on the net to a specific port. All my attempts have failed.


Networking :: Opening Ports On Slackware?

Jun 20, 2010

How can I open a port in Slackware? I am "trying" to install and use Alfresco, a DMS that runs on Linux platforms. So far that has been a nightmare...

Basically, according to their support tech, port 3306 is blocked. I don't really understand because I have MySQL DB server running and listening to 3306 on that machine and no problems at all... However, they recommended to try:

Code:
telnet localhost 3306
or

Code:
telnet <machinename> 3306

but it resulted in:

Code:
telnet connect to address 127.0.0.1: Connection refused

If I understand correctly, the Alfresco support is correct, 3306 is indeed blocked. But how come MySQL is running fine then? How can I unblock this port? And finally, I need to specify that I don't have ANY type of firewall or anything like that because this machine is not connected to the web... So if I don't have a firewall, what is blocking the port?

Programming :: Opening Ports With Perl?

May 12, 2011

I'm working on a Perl script to automate the setup on a few machines. Does anyone know how to open ports using Perl?

PS: The systems are Red Hat so I'd be editing the iptables file.

Ubuntu :: Closing And Opening Ports On Schedule?

May 26, 2010

How can I set up something to automatically open port 119 at 10pm and close it again at 3am?

Ubuntu :: Setting Up Static IP And Opening Ports?

Aug 30, 2010

I am trying to open a tunnel for a friend of mine whose ISP has blocked a bunch of webpages, so I was thinking I would learn how to since it might come in handy in the future. Anyway, so I looked at a couple of videos about going in to network settings and changing the setting to manual and writing down the desired IP (in my case 192.168.0.137). Then I went into my router (it's a D-Link DI 524) and tried adding my static IP as the DMZ computer. I then restarted, everything looked fine, the router saved the settings and the eth0 still had the information saved so I wanted to try it out. I just googled "try my ports" and I found a website called [URL]... But no ports worked for me. I tried double checking everything, checking for errors. I couldn't find anything so I'm guessing you might have a clue!

EDIT: It seemed I had to have a program that actually used the port for it to work. It's working anyway, so if you could move it to [SOLVED] I'd be happy.

Networking :: Opening Ports In Debian For Local Net Traffic

Apr 24, 2010

I have a fairly clean install of Debian 5.04 on a G5 tower and am having some local network sharing problems. The machine linuxG5 has an address of 192.168.1.4 and when I am logged into that machine I get the following output:

silver@linuxG5:~$ nmap localhost
Starting Nmap 4.62 ( http://nmap.org ) at 2010-04-24 10:19 EDT
Interesting ports on localhost (127.0.0.1):
Not shown: 1706 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
[Code]...

Networking :: VoIP And Opening Ports With Recommended Settings

Nov 7, 2009

I have recently bought an IP/PABX system with one FXO and one FXS port. I intend to install this on a remote site with a public but dynamic IP (can be resolved via dyndns though) and make calls via clients that are NATted (inside a home router). I would like to seek advice on the port opening and the recommended settings. I have been reading a lot on VoIP and I am getting feedback that SIP calls are difficult to establish in a NATted environment.

1.) SIP port 5060 UDP?
2.) RTP ports - what range should I open for this? I see some use 10000-20000 UDP
3.) STUN server - Is this something that needs to be configured?

How can I ensure that the other party can hear the audio just like a regular telephone? Is it really impossible to do if the client is behind a router in which it is using a private IP address? What other network configurations need to be done?

Ubuntu Servers :: Secure Fileserver Over Internet - Opening Samba Ports Make Default Particularly Vulnerable To Penetration?

May 26, 2011

I'd like to set up a fileserver for myself and a few trusted individuals. I'm computer savvy and I use various linux servers frequently for work, but this is my first time trying to setup my own. Is it possible to have a Samba server setup so it is both secure and facing the Internet? Two questions:

Will opening Samba ports make my default Ubuntu server particularly vulnerable to penetration? More than having an SSH server running? Does Samba/can Samba be configured to encrypt traffic or is it sent plainly? If so, do Windows and Mac support this secure communication?

If not, what would you suggest? I'd like to achieve something like a network drive and at a difficulty level that my parents could use this if they really wanted to. I will be storing things like financial information and tax returns, but no weapons-grade secrets.

Hardware :: Multiserial Ports Identification / How Many Ports Are There

Dec 17, 2010

I'm writing an app for desktop and embedded Linux and I need to get information about the multiserial port, and I need to know which port is being used (by a printer, for example). The multiserial I'm using is an Altera Corporation Device 0004, and I just need to tell how many ports there are and how many are being used.

Debian Configuration :: Using Shorewall To Setup NAT

Apr 17, 2011

I posted a previous topic on bridging, and that didn't seem to work, so I went with Shorewall and I'm trying to set up NAT, but I'm struggling very badly. I have the interfaces configured where eth1 is my local LAN (loc) network, and eth0 connects to my ISP (net). But my problem is that I have no clue how to forward traffic from eth1 to eth0, without using ProxyARP, which routes all traffic to eth1, and doesn't allow traffic out on itself. I've looked at the NAT tutorials, and they don't make sense to me, because I have two interfaces that I want to be able to talk to each other and the internet at the same time. Is there anyone who's good with Shorewall?

Networking :: 2 Internet Connections With Shorewall?

Mar 24, 2011

I've got an Ubuntu Server Linux router that I've got 2 internet connections hooked to. One of them is DSL and the other is cable.

What I'd like to do is have everything go through the DSL connection EXCEPT for one desktop, I'd like that system to go through cable for everything.

Here's a diagram of how I've got things set up.

[URL]

I don't have any more expansion slots on the mainboard of my server for another NIC, also I do a lot of file transferring between a laptop and the desktop I want on the cable connection so I don't want that slowing down the rest of my network.

I've got both providers set up in the providers file and I've got everything going through the DSL connection right now. So far everything I've tried has stopped the desktop from connecting out at all.

Fedora :: System Monitor Not Opening / Thunder Bird Opening But Not Showing Any Folder Including Inbox?

Nov 20, 2010

I am using Fedora 14. Once, the system hung while opening a video file, so I had to restart the system by pressing the restart button. But after restarting, a few problems are appearing, like System Monitor not opening and Thunderbird opening but not showing any folder, including the inbox.

---------- Post added at 04:54 AM GMT ---------- Previous post was at 04:42 AM GMT ----------

Looks like SELinux has stopped working.

Debian :: Webserver Behind A Server Running Shorewall?

Mar 3, 2011

The server I'm running runs Debian Etch, Squid and Shorewall. Every 24 hours the server gets a new internet IP so I need to use dyndns to keep the dns pointing to the correct PC.

I have a webserver that is running behind the debian server and am having trouble with it. When I enter the web address, it gets a timeout.

Ubuntu Networking :: Use Shorewall On My Servers - Unable To Get Tos?

Apr 5, 2010

I always use Shorewall on my Ubuntu Servers and it works great; one thing I have never been able to get right is the TOS. Let's say, for example, I would like:

HTTP traffic (80, but all traffic get routed to 3128 [Squid]) to get highest priority
SMTP (25) second highest
POP (110) third highest
The rest fourth

How would I get that right?

Ubuntu Servers :: Shorewall Taking An Age To Restart?

May 11, 2010

Any time I try and restart the Shorewall it takes forever. Sometimes I have to reboot the file server as it's faster. In the shorewall-init.log it seems to stick on the loading modules and goes no further. Anyone come across this before? I have Ubuntu 8.04 LTS - everything seemed to be working OK until I installed NFS, NIS, AUTOFS - but I can't be 100% sure.

General :: Accessing Multicast From Internet Through Shorewall?

Aug 6, 2010

- I have set up an application in my local subnet 10.1.0.0/16 which broadcasts UDP packets.

- My application broadcasts from the machine with 10.1.2.240 and also broadcasts from multicast address 225.1.2.3 using port 3035 (it's the correct multicast address, right?)

- I have developed a small application to receive the UDP packets from the multicast address. It's running OK.

Problems/questions:

How can I set up my firewall (using Shorewall) so that users from the internet can receive the UDP packets from multicast?

Is it possible to listen to a UDP broadcast address behind the firewall (without setting up a VPN connection)?

Server :: Getting Logwatch Working With Shorewall Logs?

Sep 9, 2010

How to get logwatch working with shorewall logs. I tried fwlogwatch but could not get that working.

Software :: Either Opening This Straight Away Or Saving Then Opening It Comes Back?

Feb 7, 2011

One of the apps I would like to try out is usenext. Selecting the download for the right version (Linux - Suse, Red Hat, Fedora) I get the rpm file. Either opening this straight away or saving then opening it comes back with the following errors:

usenext-5.27-1.i386 requires mono(gdk-sharp) = 2.10.0.0
usenext-5.27-1.i386 requires unrar
usenext-5.27-1.i386 requires mono(glib-sharp) = 2.10.0.0

[code]....

Fedora Hardware :: Tell If USB Ports Are 2.0 Ports?

Aug 11, 2010

How can I tell if my USB ports are 2.0 ports?

Debian Configuration :: Which Version Of Shorewall Installed On System

May 4, 2011

I want to learn about setting up Shorewall, but the website refers to several versions. How do I ascertain which version of Shorewall is on my system?

Fedora Networking :: Adding Another Network To Routes And Shorewall?

May 10, 2011

First I will give some background. We have a currently working network that the previous network admin assigned an internal IP scheme of 200.1.1.0/24. I have no idea why he would have done such a thing, but it is my job to fix it (and keep our systems up and running). We have a Fedora 10 box on the 200 network that is acting as a router and a firewall (Shorewall to be exact).

I added another NIC card (thank you again to all the great people on this forum for helping me get that working) and it is eth2. Assigned it a 10.100.1.A/24 (this is just a variable for the real IP). The other end of the cable that I plugged into that NIC connects to a Cisco Layer 3 switch. I assigned the port that connects to the other end of the cable the IP address of 10.100.1.B/24.

OK, I added the static route of 'ip route add 10.100.1.0/24 via 10.100.1.A dev eth2'. I added loc2 (which is my eth2 adapter) to the /etc/shorewall/zones file. I set eth2 on loc2 in the /etc/shorewall/interfaces file:

loc2 eth2 detect

I set the lines in the /etc/shorewall/policies file:

loc loc2 ACCEPT info
loc2 loc ACCEPT info

I can ping the Cisco switch from the Linux server itself. From a PC on the original network I can ping the new NIC card in the Linux server, but cannot ping the Cisco switch, so I figure it has to be either the route or Shorewall.

Ubuntu Networking :: Shorewall Implemented In Scripts With IP Aliases

Aug 17, 2010

Let me show you my config and tell me if it's OK.
It's pretty simple:
eth2 -> 192.168.1.0
eth2:0 ->192.168.50.0
eth1 and eth0 are the net interfaces, 1 router each to provide wan failover (not implemented here)

Hosts:
loc1 eth2:192.168.1.0/24
loc50 eth2:192.168.50.0/24

Interfaces
net6 eth0 detect
net7 eth1 detect
- eth2 192.168.1.255,192.168.50.255

Masq
eth0 eth2
eth1 eth2
eth2 eth2

Policy
all all ACCEPT info

Rules
SECTION NEW
REJECT loc50 loc1 all

Zones
fw firewall
net6 ipv4
net7 ipv4
loc1 ipv4
loc50 ipv4

Problems / Doubts:

1) Is the hosts file required?
2) I guess I need doing masq from local to each external, and also from local to local even if they share the same interface, hence the eth2 eth2 in the masq file...
3) So is shorewall well implemented in these scripts to handle aliases?

Ubuntu Security :: Shorewall Firewall Setup In Webmin?

Jan 3, 2011

I got Shorewall firewall all set up perfectly but I'm stuck at 1 last bit. The aim is to let on 2 clients max onto my server. I have the policy set up in Webmin as.
More than 2 clients can get onto the server. The aim is to have it as a ddos protection allowing 100 clients on and a max burst of 10 clients at a time.

Security :: Configure Shorewall To Allow Syslog Messages From Router?

Jan 29, 2011

I have my system set up to where the router (dd-wrt) will send its syslog messages to my Linux PC system. I am using Shorewall as my firewall. I have two questions: How can I configure Shorewall to allow the messages from my router? If I use my router IP address to allow the messages to come through the firewall, will this be a great security risk as anything from the internet can come through on that router IP address?

Security :: Shorewall Rejecting Allowed Traffic For Transmission-daemon

May 22, 2011

I have the Shorewall firewall running on Ubuntu 10.10 server and the issue I am having is the firewall is blocking traffic from my transmission-daemon even though I have allowed it in the /etc/shorewall/rules.

the rules file has the following lines

Code:
ACCEPT  $FW  net  tcp  60000:60035
ACCEPT  net  $FW  tcp  60000:60035
ACCEPT  $FW  net  udp  51413
ACCEPT  net  $FW  udp  51413

[Code]...

As you can see, Shorewall is rejecting packets with source and destination port 51413 on incoming net2fw and outgoing fw2net even though the rules are set to accept.

Debian Configuration :: Shorewall (Shoreline?) Firewall Up And Running, But It's Logging To /var/log/messages?

Jan 29, 2011

I've got a Shorewall (Shoreline?) firewall up and running, but it's logging to /var/log/messages. I'd much rather have it logging to another location e.g. /var/log/firewall but can't find (a clear enough) explanation on how to do this. Apparently, it varies greatly depending on the distro, the kernel, and the version of Shorewall that is running. You'd think it would be something as simple as setting a path in a config file, but apparently not. I'm running a stock Lenny kernel on the firewall machine. It comes with version 4.0.15 of Shorewall.

Ubuntu Servers :: Install Shorewall As A Firewall - Package Not Found Error

Jun 10, 2011

I installed Ubuntu Server and got it set up, and I'm trying to install Shorewall as a firewall, but whenever I do sudo apt-get install shorewall I get a package not found error.

General :: Prevent An Ethernet Card From Losing Secondary IPs On Fedora 10 With Shorewall?

Sep 23, 2010

I have a Linux box being used as a firewall with Fedora 10 and Shorewall 4.2.10. Secondary IPs are loaded on the WAN (eth1) card through the Shorewall NAT and Rules files. The problem is that if there is a network hiccup or if the circuit bounces, the primary IP comes back but I have to reload Shorewall to get the secondary IPs back. Is there a way so that they can automatically reload or just not go away if the connection bounces?

Ubuntu Installation :: Missing Default Folder In Shorewall-common Directory After Installation?

Aug 13, 2010

I am setting up a mail server. After installation of shorewall-common, shorewall-doc

Following this link http://flurdy.com/docs/postfix/
For setting up
It requires me to copy the content of /usr/share/doc/shorewall-common/default-config/rules to /etc/shorewall
cp /usr/share/doc/shorewall-common/default-config/rules /etc/shorewall/

But I observed that the folder default-config is missing. I have purged it with apt-get and reinstalled, but still it does not have that folder. What could cause this thing and how can I go about it?

Networking :: Shorewall: Port Forwarding Port Is Closed Even After Forwarding?

Dec 12, 2009

I have just set up Shorewall on my router running Arch Linux. The external network is on eth0 and the internal network on eth1. I have set it up for masquerading and that works fine and I can open ports to the firewall. But I'm having trouble with port forwarding to my internal machines. The problem I have is that when port 22350 is forwarded to 192.168.1.3 on my local network, checking the port with nmap from a remote computer gives me:

Code:
PORT STATE SERVICE
22350/tcp closed unknown

[code]....







Copyrights 2005-15 www.BigResource.com, All rights reserved