Simple the best tool for linux

123
2007-08-26
2012-12-07
  • 123

    123 - 2007-08-26

    Hi there, I'm so happy with this tool; so far I have solved the problem with P2P traffic again.

    Thanks a lot Victor.

    Now I have more questions:

    1-How do I enable the PRE-VMR incoming rules (from internet to firewall, i.e. www, pptp, smtp, ping, etc.)?

    2-In the same way, this sme-server has a HBT firewall script, http://web.inter.nl.net/users/hanscees/sme7/wondershaperbeefedup.html
    that could be easily configured by any Neanderthal sysadmin like me :-P so I want to put it on the sme masq script (that has the preconfigured rules).

    3-I'm going to build a package for this SME-server, because it saves an Ipcop/Smoothwall machine, so less electricity use, less software to administrate, etc.

    Thanks.

    • Victor Julien

      Victor Julien - 2007-08-27

      Hi,

      Vuurmuur creates the PRE-VRMR-* chains, you need to create the rules inside these chains. The purpose of these chains is to allow you to create iptables rules Vuurmuur can't create for you.

      I'm sorry, but I don't understand what you are asking in questions 2 and 3, could you rephrase them?

      Cheers,
      Victor

    • 123

      123 - 2007-08-27

      Ok.

      SME has a script for firewall rules.

      The script is located in /etc/rc.d/init.d/masq

      This is the default firewall script; you can add the other file, which is the wondershaper script, to that script.

      By default this script opens these ports to the internet (if you configure the server for those ports):

      http
      https
      ping
      pptp

      So if I'm not wrong, vuurmuur takes the "masq" script as PRE-VMR rules... but when I turn on the vuurmuur daemon, the rules are in "iptables -L"; they seem to appear in the PRE-VMR rules, but when I try to access the server from the internet these preconfigured rules are not working.

      What do I need to activate?

      • Victor Julien

        Victor Julien - 2007-08-28

        What you seem to be doing is mixing two separate firewall tools. Vuurmuur was never designed for that and I highly recommend against it. The PRE-VRMR chains are meant for adding specific rules Vuurmuur cannot create, not for mixing in another firewall tool.

        The SME rules will have to be modified to be added to the PRE-VRMR chains, so you are touching those rules anyway. Why not try to use Vuurmuur for all rules? Nothing you wrote has suggested Vuurmuur won't be able to create the rules you need. I'd be happy to help you with setting those rules up.

        Cheers,
        Victor

    • 123

      123 - 2007-09-06

      Hi there again.

      Everything is working, but:

      1-How do I make a pptp server work that runs on the same firewall machine?

      2-I need to make the wondershaper script work, so the only thing I need to do is to change

      iptables -t mangle -A OUTPUT -p udp --dport 53 -o $EXTDEV -j MARK --set-mark 0x1
      iptables -t mangle -A OUTPUT -p udp --dport 53 -j RETURN

      to

      iptables -t mangle -A PRE-VRMR-OUTPUT -p udp --dport 53 -o $EXTDEV -j MARK --set-mark 0x1
      iptables -t mangle -A PRE-VRMR-OUTPUT -p udp --dport 53 -j RETURN

      On the other hand, I'm trying to modify the SME scripts to make the vuurmuur rules, so I won't disturb you more. (Your app works so well.)

      • Victor Julien

        Victor Julien - 2007-09-06

        There is a pptp service in Vuurmuur by default. For incoming connections that would be 'accept service pptp from world.inet to firewall'. You may need to load a kernel module for pptp: ip_conntrack_pptp or nf_conntrack_pptp.

        For the marking. The rule you show can be done in Vuurmuur as well. Just use:
        'accept service dns from firewall to world.inet options nfmark="1"'

        Let me know how it works!

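An added check, not code from this thread or from the Vuurmuur project, for the two points above: 123's move of the wondershaper DNS mark rule into PRE-VRMR-OUTPUT and Victor's note that the PRE-VRMR-* chains are the place for rules Vuurmuur cannot create. It parses an `iptables-save` dump (a constructed sample here; `eth0` is an assumed external interface) and reports whether the mark rule lives only inside a PRE-VRMR-* chain and whether the built-in OUTPUT chain actually jumps into PRE-VRMR-OUTPUT, which is a clearer test than reading `iptables -L`.

```python
"""Audit an iptables-save dump: confirm a hand-added rule lives only in a
Vuurmuur PRE-VRMR-* chain and that the built-in chain jumps into that chain."""
import re

# Constructed sample dump (not captured from a real SME server): the DNS mark
# rule appears both in mangle OUTPUT (its original wondershaper location) and
# in PRE-VRMR-OUTPUT, where Vuurmuur expects rules it did not create itself.
SAMPLE_DUMP = """\
*mangle
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:PRE-VRMR-OUTPUT - [0:0]
-A OUTPUT -j PRE-VRMR-OUTPUT
-A OUTPUT -o eth0 -p udp -m udp --dport 53 -j MARK --set-xmark 0x1/0xffffffff
-A PRE-VRMR-OUTPUT -o eth0 -p udp -m udp --dport 53 -j MARK --set-xmark 0x1/0xffffffff
-A PRE-VRMR-OUTPUT -p udp -m udp --dport 53 -j RETURN
COMMIT
"""

def parse_iptables_save(dump):
    """Return {table: [(chain, rest_of_rule), ...]} from iptables-save text."""
    tables, current = {}, None
    for raw in dump.splitlines():
        line = raw.strip()
        if line.startswith("*"):                 # "*mangle" opens a table
            current = line[1:]
            tables[current] = []
        elif line.startswith("-A ") and current is not None:
            parts = line.split(" ", 2)           # "-A", chain, match+target
            tables[current].append((parts[1], parts[2] if len(parts) > 2 else ""))
    return tables

def has_jump(tables, table, from_chain, to_chain):
    """True if from_chain holds an unconditional '-j to_chain', i.e. to_chain is reached."""
    return any(chain == from_chain and rest == "-j " + to_chain
               for chain, rest in tables.get(table, []))

def locate_mark_rule(tables, dport="53"):
    """Chains in the mangle table holding a MARK rule for --dport, split into
    PRE-VRMR-* chains (inside) and everything else (outside)."""
    inside, outside = [], []
    for chain, rest in tables.get("mangle", []):
        if re.search(rf"--dport {dport}\b", rest) and "-j MARK" in rest:
            (inside if chain.startswith("PRE-VRMR-") else outside).append(chain)
    return inside, outside
```

On the sample, the rule is found in both OUTPUT and PRE-VRMR-OUTPUT, which is exactly the leftover copy in the built-in chain that a migrated wondershaper script should no longer contain.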
    • 123

      123 - 2007-09-12

      Hi there.

      The smeserver has a pptp server that works by default, so all the services are working. I can connect to the PPTP server, and then get an internal IP address from the dhcp server; everything works like normal.

      But when I ping, connect to the proxy, or ssh, I cannot reach the internal card; also the server gives an error on the screen.

      I tried all possible combinations but it doesn't work.

      Can it be a problem of masq? Or DNAT?

      I'd be very thankful for suggestions to solve this problem. I have to move to another place to test the PPTP connections and it takes time; I'm trying to set up an sme-server to program this feature inside my machine with www.virtualbox.org

      but it is taking time. (I need to free disk and format.)

      Thanks.

      • Victor Julien

        Victor Julien - 2007-09-12

        It's really hard to give any advice without more detailed information. How is your pptp set up? What vuurmuur rules do you have for it? Do you see dropped traffic? What's the error message you get on the screen?

