Endian Firewall Support Mailinglist ()

Paul McWhinnie | 3 Sep 2009 23:23

Port forwarding by MAC

Hi

I would like to know if it is possible to port forward based on MAC
address rather than source IP?

Basically I would like to allow incoming RDP sessions based on MAC
address - is there a better way of doing this?

Regards
Paul

--

-- 
Acceptable use of my email address:
http://www.mcwhinnie.com/acceptable_use.txt

------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what's new with 
Crystal Reports now.  http://p.sf.net/sfu/bobj-july

headers

Julio Cesar | 4 Sep 2009 20:03

NTOP problems

Use the Endian NTOP 2.2 and works for a while, then it just stops working.

Hang up and call the service NTOP (traffic monitoring) and he returns to work, but after a while stops working and I can not access it from any formal. Has anyone experienced this?

Thanks,

Julio

------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what's new with 
Crystal Reports now.  http://p.sf.net/sfu/bobj-july

_______________________________________________
Efw-user mailing list
Efw-user@...
https://lists.sourceforge.net/lists/listinfo/efw-user

headers

Lane.Beneke | 4 Sep 2009 20:05

Re: Port forwarding by MAC

Use the DHCP server to assign a fixed lease to the MAC.  Then port
forward to the fixed address.

 
Lane Beneke
Network Administrator
Southern Piping Co.
(252) 291-1561 ext. 148
-----Original Message-----
From: Paul McWhinnie [mailto:efw@...] 
Sent: Thursday, September 03, 2009 5:24 PM
To: efw-user@...
Subject: [Efw-user] Port forwarding by MAC

Hi

I would like to know if it is possible to port forward based on MAC
address rather than source IP?

Basically I would like to allow incoming RDP sessions based on MAC
address - is there a better way of doing this?

Regards
Paul

-- 
Acceptable use of my email address:
http://www.mcwhinnie.com/acceptable_use.txt

------------------------------------------------------------------------
------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008
30-Day 
trial. Simplify your report design, integration and deployment - and
focus on 
what you do best, core application coding. Discover what's new with 
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
_______________________________________________
Efw-user mailing list
Efw-user@...
https://lists.sourceforge.net/lists/listinfo/efw-user

------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what's new with 
Crystal Reports now.  http://p.sf.net/sfu/bobj-july

headers

Steven Sher | 5 Sep 2009 16:17

Re: NTOP problems

I also often have this problem, I turn the traffic monitoring off and on again in the GUI and usually works again, but then you lose all your traffic information very annoying.

Steve

From: Julio Cesar [mailto:juliobici <at> gmail.com]
Sent: 04 September 2009 08:04 PM
To: efw-user <at> lists.sourceforge.net
Subject: [Efw-user] NTOP problems

Use the Endian NTOP 2.2 and works for a while, then it just stops working.

Hang up and call the service NTOP (traffic monitoring) and he returns to work, but after a while stops working and I can not access it from any formal. Has anyone experienced this?

Thanks,

Julio

------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what's new with 
Crystal Reports now.  http://p.sf.net/sfu/bobj-july

_______________________________________________
Efw-user mailing list
Efw-user@...
https://lists.sourceforge.net/lists/listinfo/efw-user

headers

Christopher Salinardi | 5 Sep 2009 18:23

Re: NTOP problems

Hi, it is believed that this is a bug with NTOP, does your firewall CPU utilization hit 100% when this happens?

I found a workaround for this issue, it seems to have something to do with SSL. Edit the ntop init script to use http for port 3001.

Location: /etc/init.d/ntop

Find this line and change the options in bold:

option="--user ntop --daemon --db-file-path /var/ntop --interface br0 --trace-level 3 --https-server 0 --http-server 3001 --disable-schedyield --no-fc"

Restart ntop: etc/init.d/ntop restart

Of course, this change breaks the url on the page, change it to http:// instead of https:// and it will work.

Thanks,

Chris

On Fri, Sep 4, 2009 at 2:03 PM, Julio Cesar <juliobici-Re5JQEeQqe8@public.gmane.orgm> wrote:

Use the Endian NTOP 2.2 and works for a while, then it just stops working.

Hang up and call the service NTOP (traffic monitoring) and he returns to work, but after a while stops working and I can not access it from any formal. Has anyone experienced this?

Thanks,

Julio

------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus on
what you do best, core application coding. Discover what's new with
Crystal Reports now. http://p.sf.net/sfu/bobj-july
_______________________________________________
Efw-user mailing list
Efw-user-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org
https://lists.sourceforge.net/lists/listinfo/efw-user

------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what's new with 
Crystal Reports now.  http://p.sf.net/sfu/bobj-july

_______________________________________________
Efw-user mailing list
Efw-user@...
https://lists.sourceforge.net/lists/listinfo/efw-user

headers

Julio Cesar | 8 Sep 2009 18:50

Re: NTOP problems

Hi Christopher,

The problem has occurred with the CPU under 100%. I did the updates that you passed and is working so far, let's see how it goes.

Thank you for your help.

Julio Cesar

2009/9/5 Christopher Salinardi <csalinardi <at> gmail.com>

Hi, it is believed that this is a bug with NTOP, does your firewall CPU utilization hit 100% when this happens?

I found a workaround for this issue, it seems to have something to do with SSL. Edit the ntop init script to use http for port 3001.

Location: /etc/init.d/ntop

Find this line and change the options in bold:

option="--user ntop --daemon --db-file-path /var/ntop --interface br0 --trace-level 3 --https-server 0 --http-server 3001 --disable-schedyield --no-fc"

Restart ntop: etc/init.d/ntop restart

Of course, this change breaks the url on the page, change it to http:// instead of https:// and it will work.

Thanks,

Chris

On Fri, Sep 4, 2009 at 2:03 PM, Julio Cesar <juliobici-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:

Use the Endian NTOP 2.2 and works for a while, then it just stops working.

Hang up and call the service NTOP (traffic monitoring) and he returns to work, but after a while stops working and I can not access it from any formal. Has anyone experienced this?

Thanks,

Julio

------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus on
what you do best, core application coding. Discover what's new with
Crystal Reports now. http://p.sf.net/sfu/bobj-july
_______________________________________________
Efw-user mailing list
Efw-user-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org
https://lists.sourceforge.net/lists/listinfo/efw-user

------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus on
what you do best, core application coding. Discover what's new with
Crystal Reports now. http://p.sf.net/sfu/bobj-july
_______________________________________________
Efw-user mailing list
Efw-user-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org
https://lists.sourceforge.net/lists/listinfo/efw-user

------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what's new with 
Crystal Reports now.  http://p.sf.net/sfu/bobj-july

_______________________________________________
Efw-user mailing list
Efw-user@...
https://lists.sourceforge.net/lists/listinfo/efw-user

headers

Mike Knisely | 9 Sep 2009 15:12

Re: Port forwarding by MAC

Are you talking about allowing outside users to RDP into your network if
their MAC address matches a list?  If so, that is not possible.  The
reason for this is that the Source MAC Address is only consistent to the
first router.  After that, the Source MAC Address is rewritten each time
a new frame is created.

Mike K.

-----Original Message-----
From: Paul McWhinnie [mailto:efw@...] 
Sent: Thursday, September 03, 2009 5:24 PM
To: efw-user@...
Subject: [Efw-user] Port forwarding by MAC

Hi

I would like to know if it is possible to port forward based on MAC
address rather than source IP?

Basically I would like to allow incoming RDP sessions based on MAC
address - is there a better way of doing this?

Regards
Paul

-- 
Acceptable use of my email address:
http://www.mcwhinnie.com/acceptable_use.txt

------------------------------------------------------------------------
------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008
30-Day 
trial. Simplify your report design, integration and deployment - and
focus on 
what you do best, core application coding. Discover what's new with 
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
_______________________________________________
Efw-user mailing list
Efw-user@...
https://lists.sourceforge.net/lists/listinfo/efw-user

------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what's new with 
Crystal Reports now.  http://p.sf.net/sfu/bobj-july

headers

Paul McWhinnie | 10 Sep 2009 10:02

Re: Port forwarding by MAC

Thanks Lane and Mike for your feedback.

I use a VPN for clients that connect from the same PC each time and I
tunnel RDP via SSH for some others.

I have a few clients that move around different customer premises and
use the PCs there.  Not all of these customers have static public IPs so
the clients come in from a different IP each time.  I was trying to
avoid installing VPN clients on the PCs.

I had in mind something similar to MAC filtering on a wireless, but I
see now that that works because the PC connects directly. I did learn
something about MAC addresses though!

Thanks again to you both.

Mike Knisely wrote:
> Are you talking about allowing outside users to RDP into your network if
> their MAC address matches a list?  If so, that is not possible.  The
> reason for this is that the Source MAC Address is only consistent to the
> first router.  After that, the Source MAC Address is rewritten each time
> a new frame is created.
> 
> Mike K.
> 
> -----Original Message-----
> From: Paul McWhinnie [mailto:efw@...] 
> Sent: Thursday, September 03, 2009 5:24 PM
> To: efw-user@...
> Subject: [Efw-user] Port forwarding by MAC
> 
> Hi
> 
> I would like to know if it is possible to port forward based on MAC
> address rather than source IP?
> 
> Basically I would like to allow incoming RDP sessions based on MAC
> address - is there a better way of doing this?
> 
> Regards
> Paul
> 

--

-- 
Acceptable use of my email address:
http://www.mcwhinnie.com/acceptable_use.txt

------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what's new with 
Crystal Reports now.  http://p.sf.net/sfu/bobj-july

headers

Julio Cesar | 10 Sep 2009 14:58

Block IP originated from the external network (red)

Greetings,

There is the possibility of blocking an IP address, originating from an external network, whatever the service (port) to access my network in Endian.

The situation is I have a high traffic from a particular IP to my network, for example accessing a web server from my internal network.

I want to block this IP and they can stop this high traffic, there is this possibility?

Thanks,

Julio Cesar

------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what's new with 
Crystal Reports now.  http://p.sf.net/sfu/bobj-july

_______________________________________________
Efw-user mailing list
Efw-user@...
https://lists.sourceforge.net/lists/listinfo/efw-user

headers

Santhosh Kumar Gulla | 15 Sep 2009 09:37

Remote logging from Endian


Dear All,

Can any one guide me how to log the logs in a remote syslog server. I 
have ticked the remote logging option in endian firewall and given a IP 
w.x.y.z, but it is not logging into that machine. The remote machine is 
running debian lenny with rsyslog installed in it.

Can any one guide me how to configure the remote logging machine as well.

Is there any other syslog server which supports endian remote logging. 
Please list them.

With Regards
--
Santy

------------------------------------------------------------------------------
Come build with us! The BlackBerry&reg; Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart your
developing skills, take BlackBerry mobile applications to market and stay 
ahead of the curve. Join us from November 9&#45;12, 2009. Register now&#33;
http://p.sf.net/sfu/devconf

2	May 2013
2	April 2013
20	March 2013
10	February 2013
1	January 2013
21	December 2012
56	November 2012
2	October 2012
15	September 2012
25	August 2012
5	July 2012
7	June 2012
7	May 2012
9	April 2012
1	March 2012
26	February 2012
3	January 2012
1	December 2011
9	November 2011
41	October 2011
48	September 2011
2	August 2011
10	July 2011
9	June 2011
6	May 2011
9	April 2011
18	March 2011
40	February 2011
5	January 2011
13	December 2010
58	November 2010
34	October 2010
39	September 2010
30	August 2010
18	July 2010
50	June 2010
70	May 2010
69	April 2010
46	March 2010
40	February 2010
46	January 2010
56	December 2009
86	November 2009
61	October 2009
59	September 2009
18	August 2009
40	July 2009
76	June 2009
94	May 2009
70	April 2009
115	March 2009
85	February 2009
61	January 2009
73	December 2008
152	November 2008
270	October 2008
96	September 2008
121	August 2008
88	July 2008
122	June 2008
147	May 2008
175	April 2008
44	March 2008
74	February 2008
144	January 2008
86	December 2007
149	November 2007
223	October 2007
143	September 2007
134	August 2007
96	July 2007
131	June 2007
118	May 2007
105	April 2007
107	March 2007
101	February 2007
206	January 2007
141	December 2006
159	November 2006
172	October 2006
168	September 2006
95	August 2006
46	July 2006

Mon	Tue	Wed	Thu	Fri	Sat	Sun

	1	2	3	4	5	6
7	8	9	10	11	12	13
14	15	16	17	18	19	20
21	22	23	24	25	26	27
28	29	30