On Fri, 31 Mar 2017 09:44:01 PM R Calleja wrote:
> can anybody help me. I have security issues and I have to reinstall
> the system every year.
> Set up a firewall with iptables as the attachment and now block
> connections as you can see in the dmesg attachment.
Debian-user is probably a better l
You got it Tibor !!!
I applied the command Andreas gave to me and tomcat55 listens on 8180.
However, it does not resolve my firewall problem. I will explore
different ways that have been proposed to me.
Thanks to all of you,
I will inform you on the state of things,
Joan
L
Joan Hérisson wrote:
Hello,
Config:
- Debian 2.4.18
- iptables with many rules
Problems:
- I have installed a tomcat 5.5 server. The server is unreachable
(connection failed from localhost or another host on my local network).
Hey Joan,
how did you install tomcat? Because, if installed fro
Hi !
* Manuel García <[EMAIL PROTECTED]> [2007-06-07 10:01]:
> On 6/7/07, Joan Hérisson <[EMAIL PROTECTED]> wrote:
[...snip...]
> > Results:
> > - The server is still unreachable.
> > - When I do nmap localhost, I have port 80 open but not 8080.
> > - When I comment out the line for port 80 in fir
Joan Hérisson wrote:
Chain INPUT (policy DROP 17 packets, 1088 bytes)
pkts bytes target prot opt in out source
destination
164 ACCEPT tcp -- eth0 * 0.0.0.0/0
0.0.0.0/0 tcp dpt:8080
225 18816 bad_tcp_packets tcp --
Hi Joan,
On Thursday 07 June 2007 14:51:51 Joan Hérisson wrote:
> Hello,
>
> Config:
> - Debian 2.4.18
This is very old. For security and better features, you'd be best to upgrade
to a more recent version of Debian, with a more recent kernel.
> - iptables with
Ok,
thank you for your answers. I will try to sum up mine.
It is true that it is not me who wrote the firewall script and that
I do not understand what all rules do.
I tried different solutions that you proposed but none works, from
localhost, local network or from the internet. The
On Thu, 7 Jun 2007 15:51:51 +0200
"Joan Hérisson" <[EMAIL PROTECTED]> wrote:
> So I added this rule :
> "iptables -A tcp_packets -p TCP -i eth1 -s
> 0/0 --dport 8080 -j allowed"
> where eth1 is the way toward my local network
>
Can you send the output of 'iptables -t filter -L -n -v ' to this mailing
list?
On 7 June 2007 at 15:51, Joan Hérisson wrote:
> Hello,
>
> Config:
> - Debian 2.4.18
> - iptables with many rules
>
> Problems:
> - I have installed a to
Joan Hérisson wrote:
Hello,
Config:
- Debian 2.4.18
- iptables with many rules
Problems:
- I have installed a tomcat 5.5 server. The server is unreachable
(connection failed from localhost or another host on my local network).
Tries:
- I have to open port 8080. I have this rule in /etc/init.d
On Thursday 07 June 2007 15:51, Joan Hérisson wrote:
> Hello,
>
> Config:
> - Debian 2.4.18
> - iptables with many rules
>
> Problems:
> - I have installed a tomcat 5.5 server. The server is
> unreachable
> (connection failed from localhost or a
On 6/7/07, Joan Hérisson <[EMAIL PROTECTED]> wrote:
Hello,
Config:
- Debian 2.4.18
- iptables with many rules
Problems:
- I have installed a tomcat 5.5 server. The server is unreachable
(connection failed from localhost or another host on my local network).
Tries:
- I have to open port
Adrian Minta <[EMAIL PROTECTED]> writes:
> and a module ipt_limit.ko exists in the kernel directory ( 2.6.8-2-k7)
ipt_limit != ipt_connlimit
You are probably lacking kernel support for ipt_connlimit. It's not
part of the Linux kernel yet, and I guess the connlimit patch isn't in
Debian kernels ei
On Tue, 08 Mar 2005 00:42:01 +0100
Bernd Eckenfels <[EMAIL PROTECTED]> wrote:
> In article <[EMAIL PROTECTED]> you wrote:
> >> >server# iptables -A INPUT -p tcp --dport 80 -m connlimit --connlimit-above
> >> >3 -j REJECT --reject-with tcp-reset
>
> Have you tried:
>
> iptables -m connlimit -h
In article <[EMAIL PROTECTED]> you wrote:
>> >server# iptables -A INPUT -p tcp --dport 80 -m connlimit --connlimit-above
>> >3 -j REJECT --reject-with tcp-reset
Have you tried:
iptables -m connlimit -h
does it show the connlimit options?
BTW: my iptables manpage knows about -m connrate --con
On Mon, 07 Mar 2005 09:29:19 +0100
Guillaume Tournat <[EMAIL PROTECTED]> wrote:
> Adrian Minta wrote:
>
> >Is iptables connlimit available in sarge ?
> >I try to limit incoming connection to my webserver:
> >
> >server# iptables -A INPUT -p tcp --dport 80 -m connlimit --connlimit-above
> >3 -j
Adrian Minta wrote:
Is iptables connlimit available in sarge ?
I try to limit incoming connection to my webserver:
server# iptables -A INPUT -p tcp --dport 80 -m connlimit --connlimit-above 3
-j REJECT --reject-with tcp-reset
the error:
iptables: No chain/target/match by that name
What I'm doing
On 13.01.2005 at 18:04:06 +0100, RatÓn wrote the following:
> Hello.
>
> I'm new to packet-filtering. As you can imagine starting to use
> iptables. Well once I´ve reached my first configuration I want to test
> it by asking iptables if a certain type of traffic is going to be
> ACCEPTED or not. To
Incoming from RatÓn:
> So it is not meant for iptables testing. How can I test my config then??
Here's how I do it:
iptables -A INPUT -s ! 127.0.0.1/32 -m state --state NEW -j LOG
iptables -A INPUT -s ! 127.0.0.1/32 -m state --state NEW -j DROP
Then I just watch Xconsole. Modify those to LOG & D
Incoming from RatÓn:
>
> I'm new to packet-filtering. As you can imagine starting to use
> iptables. Well once I´ve reached my first configuration I want to test
> it by asking iptables if a certain type of traffic is going to be
> ACCEPTED or not. To do this I make use of the -c option as follows
Thiago Ribeiro wrote:
Hello,
I have some problems with DNAT iptables. I'm redirecting my external http
port to remote host. I have 8 networks, beginning with 192.168.1-8.
My remote machine and destination is 192.168.5.2 and all networks
excluding 192.168.5.0/24 can navigate in this.
When I'm runnin
thus spoke Thiago Ribeiro <[EMAIL PROTECTED]> [2004.10.19.2203 +0200]:
> -A PREROUTING -d 200.210.101.37 -p tcp -m tcp --dport 80 -j DNAT --to
> 192.168.5.2:80
>
> I'm using network 7's address and the redirecting is perfect. Only
> network 5 can't do this.
If I read you correctly, this is be
You may find that the internal web server is sending its reply IP
packets directly to the internal client, instead of via the firewall.
This can occur if the internal client and the internal web server have
the same subnet mask. The internal web server sends the packets straight
back to the in
Hanasaki JiJi, 2003-11-29 05:50:12 +0100 :
> i have a firewall with 2 nics .. its running iptables. the outside
> nic forwards port 80 to an internal webserver on an internal ip. this
> works great. if an internal host hits the external ip. traffic does
> not go to the internal web server.
On Thu, 2003-06-26 at 14:37, Matteo Vescovi wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Hi all,
> I already posted this message to the list but "murphy" decided it wasn't
> written well enough (just to say it never arrived!).
[***SNIP!!!***]
I wouldn't fault murphy directly - a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thursday 26 June 2003 20:37, Matteo Vescovi wrote:
> Hi all,
> I already posted this message to the list but "murphy" decided it wasn't
> written well enough (just to say it never arrived!).
Not my fault!!! See the date and time of the message.
Sor
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thursday 26 June 2003 23:15, Matt Zimmerman wrote:
> Use the LOG target to see which packets are being rejected.
Done. Thanks. Phillip gave me right hints.
Now everything works fine.
Thanks everyone.
See you.
Matteo
- --
Matteo Vescovi
Email: mb
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Try ...
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
KDE needs to be able to talk to its subsystems via the localhost
interface.
On Thursday 26 Jun 2003 11:34 am, Matteo Vescovi wrote:
: Hi all,
: I'm a newbie on firewalli
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ran into this one a few weeks ago
KDE & some of its component subsystems seem to
use connections via the localhost interface
I used the following to allow all and any traffic on lo:
/sbin/iptables -A OUTPUT -o lo -j ACCEPT
/sbin/iptables -A INPUT -
On Thu, Jun 26, 2003 at 12:34:29PM +0200, Matteo Vescovi wrote:
> I'm really needing help and suggestions about this little problem.
Use the LOG target to see which packets are being rejected.
--
- mdz
On Fri, May 30, 2003 at 09:20:19AM +0200, Filippi Marco wrote:
[snip]
> > > how can they be dropped?
> >
> > not sure, but I think that it'll work when you specify the outside
> > interface... For example: if you want to drop the http requests from
> > w.x.y.z then your rule should look like:
> >
On Fri, 30 May 2003, Kristof Goossens wrote:
> On Thu, May 29, 2003 at 11:19:24PM -0500, Hanasaki JiJi wrote:
> > I have a nat postrouting rule that passes traffic from the outside
> > world to an internal host to handle port 80 (webserver)
> >
> > there are also rules to drop certain source addr
Hanasaki JiJi wrote on May 29, 2003 at 11:19:24 PM:
> I have a nat postrouting rule that passes traffic from the outside
> world to an internal host to handle port 80 (webserver)
>
> there are also rules to drop certain source addresses yet these
> addresses are still coming through
>
> how c
On Thu, May 29, 2003 at 11:19:24PM -0500, Hanasaki JiJi wrote:
> I have a nat postrouting rule that passes traffic from the outside
> world to an internal host to handle port 80 (webserver)
>
> there are also rules to drop certain source addresses yet these
> addresses are still coming through
On Tue, May 27, 2003 at 06:23:10PM -0500, Andrés Roldán wrote:
> Hi.
>
> I was reading about certain kind of attacks about TCP sequence and I was
> wondering whether iptables is vulnerable to these attacks. Specifically,
> whether iptables is capable to know if a RELATED or ESTABLISHED package i
Sorry for the duplicate. I seem to be about 3 hours behind on email delivery.
- Keegan
On Wed, 23 Apr 2003 15:17:03 +0100
David Ramsden <[EMAIL PROTECTED]> wrote:
>
>
> I'm building a 'secure' server.
> I downloaded the 2.4.20 kernel source from kernel.org and patched with
> grsecurity (latest patch).
> I also disabled loadable modules or any module support in the kernel for
> add
On Wednesday 23 April 2003 07:17 am, David Ramsden wrote:
> I'm building a 'secure' server.
> I downloaded the 2.4.20 kernel source from kernel.org and patched with
> grsecurity (latest patch).
> I also disabled loadable modules or any module support in the kernel for
> added security - So everythi
On Wed, Apr 23, 2003 at 12:22:40PM -0400, Stephen Walker wrote:
> David,
>
> You do not need modules to run netfilter, just compile the required
> modules into the kernel. I have a 2.4.20 server that is iptables
> enabled without loadable modules so I know it works.
>
Thanks for that Steve.
Wo
On Wed, Apr 23, 2003 at 03:17:03PM +0100, David Ramsden wrote:
> However, iptables won't work, saying it can't initialise iptables table
> 'filter' and saying "do you need to insmod?".
> So does iptables require module support? I don't want to use modules
> though! :-)
> Surely the Netfilter people
The trick is in the kernel build. When you do a make menuconfig (or your
favorite config), you need to go under network options, and enable
network packet filtering, socket filtering, and any options you want
under Netfilter Configuration (iptables support for example). Then save
and rebuil
On Tue, 08 Apr 2003 at 03:17:18PM -0700, Kevin Buhr wrote:
>
> Also note that the mangle PREROUTING chain is run on all incoming
> packets before any other chain, so:
>
> iptables -t mangle -I PREROUTING -s badbox.evil -j DROP
>
> should drop all packets from "badbox.evil" before any oth
Hanasaki JiJi <[EMAIL PROTECTED]> writes:
>
> Firewall has rules to DNAT incoming traffic to a port on a DMZ box.
>
> how can an iptable rule be written to block some ip addresses before
> they get to the rules
> iptables -t mangle -A FORWARD
> AND
> iptables -t nat -A PR
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi
On Tuesday 08 April 2003 03:04, Hanasaki JiJi wrote:
> Firewall has rules to DNAT incoming traffic to a port on a DMZ box.
>
> how can an iptable rule be written to block some ip addresses before
> they get to the rules
> iptables -t mangle -A
On Mon, 31 Mar 2003 10:24:15 +1000
Paul Hampson <[EMAIL PROTECTED]> wrote:
> On Sun, Mar 30, 2003 at 05:23:10PM -0500, Robert Brockway wrote:
> > On Fri, 28 Mar 2003, Hanasaki JiJi wrote:
[snip]
> > If you have more than 1 static address, an MTA running in a DMZ is
> > definitely better. This way
On Sun, Mar 30, 2003 at 05:23:10PM -0500, Robert Brockway wrote:
> [1] If you use the "3 legged firewall" setup, it is possible to
> distinguish DMZ traffic from other traffic based on which interface it is
> entering the firewall.
Just have two different NIC's to two different non-routable
LAN's;
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi
On Monday 31 March 2003 02:24, Paul Hampson wrote:
> On Sun, Mar 30, 2003 at 05:23:10PM -0500, Robert Brockway wrote:
> > On Fri, 28 Mar 2003, Hanasaki JiJi wrote:
> > > Working on running a SMTP server inside the firewall that takes
> > > incoming
On Sun, Mar 30, 2003 at 05:23:10PM -0500, Robert Brockway wrote:
> On Fri, 28 Mar 2003, Hanasaki JiJi wrote:
>
> > Working on running a SMTP server inside the firewall that takes incoming
> > SMTP traffic from outside the firewall. The below rules are not
> > working. The firewall refuses connec
On Fri, 28 Mar 2003, Hanasaki JiJi wrote:
> Working on running a SMTP server inside the firewall that takes incoming
> SMTP traffic from outside the firewall. The below rules are not
> working. The firewall refuses connections. Any input on what wrong?
There has been quite a bit of discussion
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I think you must check your default policies. Besides, you should
check the traffic from within your mail server with a tool such as snort
or tcpdump and try logging your rules with the -j LOG match.
Hanasaki JiJi <[EMAIL PROTECTED]> writes:
> Worki
> Working on running a SMTP server inside the firewall that takes incoming
> SMTP traffic from outside the firewall. The below rules are not
> working. The firewall refuses connections. Any input on what wrong?
>
> Thanks,
>
> internal mailserver = 192.168.1.2
>
>
>
> #$PROG -t nat -A PRE
Hanasaki JiJi wrote:
Working on running a SMTP server inside the firewall that takes
incoming SMTP traffic from outside the firewall. The below rules are
not working. The firewall refuses connections. Any input on what wrong?
Thanks,
internal mailserver = 192.168.1.2
#$PROG -t nat -A PRE
Hi,
iptables -t nat -A PREROUTING -p udp -d 130.161.65.18 --dport 2074 -j DNAT --to
192.168.6.2:2074
iptables -t nat -A PREROUTING -p udp -d 130.161.65.18 --dport 2075 -j DNAT --to
192.168.6.2:2075
works nicely to forward external speak freely traffic (uses 2 ports) to my
computer inside my firew
On Sat, 22 Mar 2003, Eduardo Rocha Costa wrote:
> Thanks for the advice, shorewall is very good... only 4 hours and I make
> the configuration !!
Hi, if you want to improve your firewall and security, just see
http://www.netfilter.org
--
Mauricio Alejandro Araya Lopez* User #24939
---Haim Ashkenazi wrote:
> On Sat, 22 Mar 2003 06:24:02 -0300
> Eduardo Rocha Costa <[EMAIL PROTECTED]> wrote:
>
> > Hi, first of all sorry my poor English I'll try my best.
> >
> > I have the following scheme in my lab:
> >
> > INTERNET --- firewall --- local network
> >
> > I have rea
On Sat, 22 Mar 2003 06:24:02 -0300
Eduardo Rocha Costa <[EMAIL PROTECTED]> wrote:
> Hi, first of all sorry my poor English I'll try my best.
>
> I have the following scheme in my lab:
>
> INTERNET --- firewall --- local network
>
> I have real ip's for all computers in the lab, so I don't need
* Hanasaki JiJi <[EMAIL PROTECTED]> [20030320 09:55 PST]:
> Lars Ellenberg wrote:
> >but to me it seems more appropriate to use a simple store and forward
> >smtp daemon on the firewall.
> what package can i research for a store/forward server?
>
> I thought the secure way was not to run anything
what package can i research for a store/forward server?
I thought the secure way was not to run anything like that on a
firewall? That is why I am moving this group's exim off the firewall.
Lars Ellenberg wrote:
On Wed, Mar 19, 2003 at 11:26:10PM -0600, Hanasaki JiJi wrote:
been trying to get the
On Wed, 19 Mar 2003, Victor Calzado Mayo wrote:
> > internet <=25= firewall iptablerule =port#x=> internalSMTPhost
> >
> > how can the firewall be told to:
> > take all incoming tcp port 25 traffic and send it to
> > smtp host on port X
> iptables -t nat -A PREROUTING -p tcp --dport 25 -
On Wed, Mar 19, 2003 at 11:26:10PM -0600, Hanasaki JiJi wrote:
> been trying to get the following to work for sometime input is most
> appreciated
>
>
> internet <=25= firewall iptablerule =port#x=> internalSMTPhost
>
> how can the firewall be told to:
> take all incoming tcp port 25
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thursday 20 March 2003 06:26, Hanasaki JiJi wrote:
> been trying to get the following to work for sometime input is most
> appreciated
>
>
> internet <=25= firewall iptablerule =port#x=> internalSMTPhost
>
> how can the firewall be told to:
>
No no. I have been having the problem for quite a few days :( besides I
also use the www.mirror.ac.uk service too!
- Original Message -
From: "Desai, Jason" <[EMAIL PROTECTED]>
To:
Sent: Tuesday, March 11, 2003 5:48 PM
Subject: RE: iptables and apt-get
> Hi
No no. I have been having the problem for quite a few days :( besides I
also use the www.mirror.ac.uk service too!
- Original Message -
From: "Desai, Jason" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, March 11, 2003 5:48 PM
Subject: RE: iptables a
had any errors at all.
Jason
> -Original Message-
> From: Victor Calzado Mayo [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, March 11, 2003 11:31 AM
> To: debian-security@lists.debian.org
> Subject: Re: iptables and apt-get
>
>
> -BEGIN PGP SIGNED MESSAGE-
>
Posted on announce on error... Here is my original post for security:
[EMAIL PROTECTED] (François TOURDE) writes:
> I.R.van Dongen <[EMAIL PROTECTED]> writes:
>
> > On Tue, 11 Mar 2003 14:48:20 -
> > "Ian Goodall" <[EMAIL PROTECTED]> wrote:
> >
> > > All is fine now. Adding the line:
> > >
had any errors at all.
Jason
> -Original Message-
> From: Victor Calzado Mayo [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, March 11, 2003 11:31 AM
> To: [EMAIL PROTECTED]
> Subject: Re: iptables and apt-get
>
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
CTED]>
> To: "Ian Goodall" <[EMAIL PROTECTED]>
> Cc:
> Sent: Tuesday, March 11, 2003 12:59 PM
> Subject: Re: iptables and apt-get
>
> > iptables -A OUTPUT -p tcp -d /32 --dport 80 -j ACCEPT
> >
> > On Tue, 11 Mar 2003 00:45:48 -
> >
> >