Gary Buckmaster | 1 Feb 2005 01:21

Re: auto-blacklist

Would something like portsentry help you with this?  

On Mon, 31 Jan 2005 18:46:40 -0500, Eric Esterle <eesterle <at> nc.rr.com> wrote:
> I have been getting a lot of dictionary attacks against my server and
> want to automatically add the IP address of the offender when their
> failed SSH login attempts are equal to five or more.  I was just going
> to write a dumb BASH script to do this unless there is a more
> intelligent way?
> 
> Eric
> _______________________________________________
> Shorewall-users mailing list
> Post: Shorewall-users <at> lists.shorewall.net
> Subscribe/Unsubscribe: https://lists.shorewall.net/mailman/listinfo/shorewall-users
> Support: http://www.shorewall.net/support.htm
> FAQ: http://www.shorewall.net/FAQ.htm
>
Jack Coates | 1 Feb 2005 04:11

Re: auto-blacklist

Gary Buckmaster wrote:
> Would something like portsentry help you with this?  
> 

portsentry is broader in scope, it would also trigger on scans and other 
possibly malicious behavior. I'd lean towards the special purpose script.

-- 
Jack at Monkeynoodle dot Org: It's a Scientific Venture...
Riding the Emergency Third Rail Power Trip since 1996!
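Since the thread leans towards a special-purpose script, here is one, added as an example and not code from the thread or from Shorewall: it counts failed OpenSSH logins per source address in a syslog-style auth log, lists the addresses at or above Eric's threshold of five, and hands them to Shorewall's dynamic blacklist. It assumes standard OpenSSH "Failed password for ... from IP port N" log lines and that the installed Shorewall provides the "shorewall drop ADDRESS" command; the sample log is constructed.

```shell
#!/bin/sh
# Added example, not from the thread: turn "five or more failed SSH logins"
# into a list of source addresses that can be handed to Shorewall.
# Assumes OpenSSH syslog lines of the form
#   ... sshd[PID]: Failed password for [invalid user] NAME from IP port N ssh2

THRESHOLD=5

# Print each source IP with at least $2 (default THRESHOLD) failures in log $1.
# Counting is per source address, so "invalid user" attempts count as well.
find_offenders() {
    awk -v min="${2:-$THRESHOLD}" '
        /sshd\[[0-9]+\]: Failed password for/ {
            for (i = 1; i <= NF; i++)
                if ($i == "from") { fails[$(i + 1)]++; break }
        }
        END { for (ip in fails) if (fails[ip] >= min) print ip }
    ' "$1" | sort
}

# Hand each offender to Shorewall's dynamic blacklist.  "shorewall drop ADDR"
# is assumed to exist on the installed version and is only called when the
# shorewall command is present on this machine.
blacklist_offenders() {
    find_offenders "$1" | while read -r ip; do
        echo "dropping traffic from $ip"
        if command -v shorewall >/dev/null 2>&1; then shorewall drop "$ip"; fi
    done
}

# Constructed sample log: one address fails six times, another twice, plus a
# successful login that must not be counted.
SAMPLE_LOG=$(mktemp)
cat >"$SAMPLE_LOG" <<'EOF'
Jan 31 18:01:02 host sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 40211 ssh2
Jan 31 18:01:05 host sshd[1203]: Failed password for invalid user test from 203.0.113.5 port 40212 ssh2
Jan 31 18:01:07 host sshd[1205]: Failed password for root from 203.0.113.5 port 40213 ssh2
Jan 31 18:01:09 host sshd[1207]: Failed password for root from 203.0.113.5 port 40214 ssh2
Jan 31 18:01:11 host sshd[1209]: Failed password for root from 203.0.113.5 port 40215 ssh2
Jan 31 18:01:13 host sshd[1211]: Failed password for root from 203.0.113.5 port 40216 ssh2
Jan 31 18:02:40 host sshd[1230]: Failed password for eric from 198.51.100.9 port 51000 ssh2
Jan 31 18:02:44 host sshd[1231]: Failed password for eric from 198.51.100.9 port 51001 ssh2
Jan 31 18:02:50 host sshd[1232]: Accepted password for eric from 198.51.100.9 port 51002 ssh2
EOF

blacklist_offenders "$SAMPLE_LOG"
```

For real use, point `blacklist_offenders` at /var/log/auth.log (or wherever sshd logs) from cron; a hit for a legitimate user who mistyped a password a few times is the obvious false positive, so keep the threshold and a way to undo the drop in mind.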
Adrian Mak | 1 Feb 2005 05:12

Re: multiple pppoe connections

Let me describe my scenario

My ADSL connection provided by the ISP allows 4 simultaneous logins
(i.e. the ADSL modem has four LAN ports, which allow 4 PCs to connect
and dial up using PPPoE)

I use my Linux server to dial up four times to get four IP addresses,
i.e.
#adsl-start and get e.g. 1.1.1.2 of ppp0
#adsl-start and get e.g. 1.1.1.20 of ppp1
#adsl-start and get e.g. 1.1.1.15 of ppp2
#adsl-start and get e.g. 1.1.1.30 of ppp3

now, the linux server has four ppp connections 

Then I want for example
UserA using 1.1.1.2 to access the Internet
UserB using 1.1.1.15 to access the Internet
UserB using 1.1.1.20 to access the Internet
1.1.1.30 for others

On Mon, 31 Jan 2005 06:49:40 -0800, Tom Eastep <teastep <at> shorewall.net> wrote:
> Adrian Mak wrote:
> > My Internet gateway is using ADSL PPPoE connection with dynamic public
> > IP assigned by ISP. My Internet gateway is Redhat AS3 U2, shorewall
> > 2.0.9
> >
> > As my ISP provides 4 simultaneous PPPoE dialup connections for the same
> > physical ADSL line, my Linux server can be configured for multiple
> > PPPoE connections, i.e. ppp0, ppp1, ppp2, ppp3

varun_saa | 1 Feb 2005 11:27

net2phone calls

Hello,
My server is Mandrake 10.1.
eth0 is WAN with a static IP connected to 512k DSL.
eth1 is LAN.

I am using the squid proxy for internet access with NCSA auth.
I am able to send and receive mail.

One of the client systems wants to be able
to make net2phone calls.

As of now he is not able to.

How to allow net2phone calls?

Thanks

Varun

Patrick Benson | 1 Feb 2005 13:40

Re: net2phone calls

varun_saa <at> vsnl.net wrote:
> 
> Hello,
> My server is Mandrake 10.1.
> eth0 is WAN with a static IP connected to 512k DSL.
> eth1 is LAN.
> 
> I am using the squid proxy for internet access with NCSA auth.
> I am able to send and receive mail.
> 
> One of the client systems wants to be able
> to make net2phone calls.
> 
> As of now he is not able to.
> 
> How to allow net2phone calls?

You have to know which ports you need to open up for net2phone, which
really doesn't have anything to do with Shorewall...the net2phone client
is your client, not the Shorewall community's.

You have to visit Net2phone support:

http://web.net2phone.com/consumer/commcenter/helpfirewall.asp

which states that you need to open up at least three ports: 
tcp 80 - tcp 6800 - udp 6801

If squid allows udp transport just make sure your net2phone client can
make their initial connection by logging in at relay.net2phone.com:80,

Reinhard Schretzmayer | 1 Feb 2005 07:25

Shorewall configuration - 'run_iptables'-problem


Bob Inglis | 1 Feb 2005 09:10

Shorewall problem

I am getting the following message when Shorewall stops. Can anybody shed 
any light on this message and where I should be looking? Thanks

root <at> bobshost:~# shorewall stop
Loading /usr/share/shorewall/functions...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Loading Modules...
Stopping Shorewall...Processing /etc/shorewall/stop ...
IP Forwarding Enabled
Processing /etc/shorewall/stopped ...
/usr/share/shorewall/firewall: line 7: eth1: command not found
done.

root <at> bobshost:/home/bob# shorewall version
2.2.0
root <at> bobshost:/home/bob# ip addr show
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
2: eth0: <BROADCAST,MULTICAST,NOTRAILERS,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:30:bd:6a:f2:d3 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.8/24 brd 255.255.255.255 scope global eth0
    inet6 fe80::230:bdff:fe6a:f2d3/64 scope link
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:0d:87:71:4f:b6 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.1/24 brd 192.168.1.255 scope global eth1
    inet6 fe80::20d:87ff:fe71:4fb6/64 scope link

Tom Eastep | 1 Feb 2005 15:51

Re: Shorewall problem

Bob Inglis wrote:
> I am getting the following message when Shorewall stops. Can anybody shed
> any light on this message and where I should be looking? Thanks
> 
> root <at> bobshost:~# shorewall stop
> Loading /usr/share/shorewall/functions...
> Processing /etc/shorewall/params ...
> Processing /etc/shorewall/shorewall.conf...
> Loading Modules...
> Stopping Shorewall...Processing /etc/shorewall/stop ...
> IP Forwarding Enabled
> Processing /etc/shorewall/stopped ...
> /usr/share/shorewall/firewall: line 7: eth1: command not found
> done.
> 

Please:

	shorewall trace stop 2> /tmp/trace

If you can't tell what the problem is from looking at /tmp/trace then
please post it to me personally.

Thanks,
-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep <at> shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

Tom Eastep | 1 Feb 2005 15:53

Re: Shorewall configuration - 'run_iptables'-problem

Reinhard Schretzmayer wrote:
> _______________________________________________
> Shorewall-users mailing list
> Post: Shorewall-users <at> lists.shorewall.net
> Subscribe/Unsubscribe: https://lists.shorewall.net/mailman/listinfo/shorewall-users
> Support: http://www.shorewall.net/support.htm
> FAQ: http://www.shorewall.net/FAQ.htm

Please post in plain text -- otherwise, the Mailman HTML->TEXT
translator may fail and your message will not be delivered.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep <at> shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
Tom Eastep | 1 Feb 2005 18:46

Re: multiple pppoe connections

Adrian Mak wrote:
> Let me describe my scenario
> 
> My ADSL connection provided by the ISP allows 4 simultaneous logins
> (i.e. the ADSL modem has four LAN ports, which allow 4 PCs to connect
> and dial up using PPPoE)
> 
> I use my Linux server to dial up four times to get four IP addresses,
> i.e.
> #adsl-start and get e.g. 1.1.1.2 of ppp0
> #adsl-start and get e.g. 1.1.1.20 of ppp1
> #adsl-start and get e.g. 1.1.1.15 of ppp2
> #adsl-start and get e.g. 1.1.1.30 of ppp3
> 
> now, the linux server has four ppp connections 
> 
> Then I want for example
> UserA using 1.1.1.2 to access the Internet
> UserB using 1.1.1.15 to access the Internet
> UserB using 1.1.1.20 to access the Internet
> 1.1.1.30 for others
> 

By "UserA", do you mean some computer behind the firewall? If so, you
might be able to do this with Policy routing but it will require some
scripting, especially if the IP addresses you get via PPPoE are dynamic.

At any rate, this has almost nothing to do with Shorewall; about all you
would need to do in Shorewall would be to use the tcrules file to
uniquely mark those packets that came from UserA, UserB and UserC so

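The policy-routing half of Tom's answer, as an added example that is not part of the thread or of Shorewall: a pppd ip-up hook that gives each ppp link its own routing table and sends packets carrying fwmark N out ppp(N-1). It assumes pppd is started with fixed unit numbers (pppd's "unit N" option) so ppp0..ppp3 stay stable across redials, that the tcrules file marks a host's packets in PREROUTING (Shorewall's default unless MARK_IN_FORWARD_CHAIN is set) with 1, 2 or 3, e.g. a tcrules line "1  192.168.1.10  0.0.0.0/0  all", and that the script is installed as /etc/ppp/ip-up.local, which Red Hat's /etc/ppp/ip-up runs with the interface name in $1.

```shell
#!/bin/sh
# Added example (not from the thread or Shorewall): per-link policy routing so
# a packet marked N by Shorewall's tcrules leaves through ppp(N-1).  Assumes
# pppd runs with fixed unit numbers ("unit N") so ppp0..ppp3 are stable across
# redials, and that this file is /etc/ppp/ip-up.local, which Red Hat's ip-up
# runs with the interface name in $1 once the link has its (new) address.

# ppp0 -> fwmark 1, table 11; ppp1 -> fwmark 2, table 12; and so on.
mark_for_iface()  { echo $(( ${1#ppp} + 1 )); }
table_for_iface() { echo $(( ${1#ppp} + 11 )); }

# Emit the ip(8) commands for one link, one per line, without running them.
# The old rule and table are flushed first because a redial changes the
# address handed out by the ISP.
routing_cmds() {
    iface=$1
    mark=$(mark_for_iface "$iface")
    table=$(table_for_iface "$iface")
    printf '%s\n' \
        "ip rule del fwmark $mark table $table 2>/dev/null" \
        "ip route flush table $table" \
        "ip route add default dev $iface table $table" \
        "ip rule add fwmark $mark table $table" \
        "ip route flush cache"
}

# Run (or, with DRY_RUN=1, only print) the commands for the link pppd just
# brought up.  Unmarked hosts keep using the main table, whose default route
# should point at the link meant for "others" (ppp3 in the scenario above).
apply_routing() {
    routing_cmds "$1" | while read -r cmd; do
        echo "+ $cmd"
        if [ "${DRY_RUN:-0}" != 1 ]; then sh -c "$cmd"; fi
    done
}

if [ -n "$1" ]; then apply_routing "$1"; fi
```

Which LAN host gets which mark stays entirely in tcrules, so moving UserB from one link to another is a one-line change there, not here.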