Saturday, August 27, 2005

firewall-wizards digest, Vol 1 #1651 - 2 msgs

Send firewall-wizards mailing list submissions to
firewall-wizards@honor.icsalabs.com

To subscribe or unsubscribe via the World Wide Web, visit
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@honor.icsalabs.com

You can reach the person managing the list at
firewall-wizards-admin@honor.icsalabs.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."

Today's Topics:

1. cant connect to port 80 (Brent Clark)
2. UPS Worldship connection problems with new firewall device (Servie Platon)

--__--__--

Message: 1
Date: Wed, 17 Aug 2005 21:57:10 +0200
From: Brent Clark <bclark@eccotours.dyndns.org>
To: firewall-wizards@honor.icsalabs.com
Subject: [fw-wiz] cant connect to port 80

Hi list

I have my routing rules as so

/sbin/ip route add 196.36.10.113 dev eth0 src 196.36.10.114 table IS
/sbin/ip route add default via 196.36.10.113 table IS

/sbin/ip route add 192.168.10.200 dev eth2 src 192.168.10.100 table TELKOM
/sbin/ip route add default via 192.168.10.200 table TELKOM

/sbin/ip route add 196.36.10.113 dev eth0 src 196.36.10.114
/sbin/ip route add 192.168.10.200 dev eth2 src 192.168.10.100

/sbin/ip route add default via 196.36.10.113

/sbin/ip rule add from 196.36.10.114 table IS
/sbin/ip rule add from 192.168.10.100 table TELKOM

/sbin/ip rule add fwmark 1 table TELKOM

apart from the rest of my firewall ruleset

I have an entry as :

$IPT -t nat -A PREROUTING -i eth1 -t mangle -p tcp --dport 80 -j MARK --set-mark 1
$IPT -t filter -A FORWARD -i eth1 -o eth2 -m multiport -p tcp --dport 80,443 -m state --state NEW -j ACCEPT

My browser can't seem to connect to a webserver.

Probably a routing issue, as I see that I don't get any messages in syslog of FORWARD complaining.

If anyone could help, it would be most appreciated.

Kind Regards
Brent Clark
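
An added example, not part of the message above or of the digest: a small shell lint for mark-setting rules like the one posted, which names both the nat and the mangle table on one line. It assumes, per the iptables documentation for the MARK target, that a mark matched by `ip rule ... fwmark` has to be set in the PREROUTING or OUTPUT chain of the mangle table; the function name `lint_mark_rule` and the second sample rule are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: lint an iptables rule that sets
# a mark meant to be matched by "ip rule add fwmark N table X".
# Assumption (iptables documentation, MARK target): a mark used for routing
# must be set in the PREROUTING or OUTPUT chain of the mangle table.

# Usage: lint_mark_rule WORD...   (the rule, already split into words)
# Prints "ok" or the findings joined by "; ".
lint_mark_rule() {
    tables="" ntables=0 chain="" target="" prev="" findings=""
    for w in "$@"; do
        case "$prev" in
            -t|--table)              tables="$tables $w"; ntables=$((ntables + 1)) ;;
            -A|-I|--append|--insert) chain="$w" ;;
            -j|--jump)               target="$w" ;;
        esac
        prev="$w"
    done
    # With no -t option iptables operates on the filter table.
    if [ "$ntables" -eq 0 ]; then tables=" filter"; fi
    if [ "$ntables" -gt 1 ]; then
        findings="more than one -t option:$tables"
    fi
    if [ "$target" = "MARK" ]; then
        for t in $tables; do
            if [ "$t" != "mangle" ]; then
                findings="${findings}${findings:+; }MARK in table $t, expected mangle"
            fi
        done
        case "$chain" in
            PREROUTING|OUTPUT) ;;
            *) findings="${findings}${findings:+; }MARK in chain $chain, expected PREROUTING or OUTPUT" ;;
        esac
    fi
    echo "${findings:-ok}"
}

# Rule as posted above, with $IPT written out as "iptables".
posted="iptables -t nat -A PREROUTING -i eth1 -t mangle -p tcp --dport 80 -j MARK --set-mark 1"
# Constructed variant naming only the mangle table.
single="iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 80 -j MARK --set-mark 1"

lint_mark_rule $posted   # word splitting is intended here
lint_mark_rule $single
```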

--__--__--

Message: 2
Date: Wed, 17 Aug 2005 17:52:03 -0700 (PDT)
From: Servie Platon <servie_tech@yahoo.com>
To: firewall-wizards@honor.icsalabs.com
Subject: [fw-wiz] UPS Worldship connection problems with new firewall device

Hello FW-Wizards and gurus,

I have upgraded my Sonicwall SOHO3 to TZ170 a couple
of weeks back for my small office network.

Everything seems to be working fine except for one
laptop which accesses UPS (United Parcel Service)
Worldship network.

As its description from the UPS website. UPS
WorldShip is a full featured, Windows-based,
shipping software application for customers with high
volume shipping needs. WorldShip allows customers to
accelerate, streamline and enhance not only their
shipping processes, but financial and customer service
processes as well.

When we first installed the program in one of the
laptops, it seems to be working fine with the SOHO3
firewall.

And when, we upgraded to the Sonicwall TZ170, that's
when the problem started to set in. We were told by
UPS technical support since we have upgraded a
firewall appliance, the firewall rules may have
blocked inbound and outbound communication between our
small office network and UPS's network.

Furthermore, we were told that we need to enable
support for gethostip.exe, shipups.exe, upslnkmg.exe
alongside allowing access for 153.2.x.x network.

Since I don't see any documentation on this Sonicwall
TZ170 to do the adding of .exe files to the firewall
that supports this method.

I am uncertain though, whether my firewall rules have
something to do with it? AFAIK, other services such as
mail, terminal services are working fine except for
this one.

One odd thing that puzzles me is that if my boss
brings this laptop to his house and connects it to his
Home network through his router, he could connect to
UPS and be able to do work and send info in a
bi-directional manner.

Whereas, if he returns to the office he gets an Error
Code 53670 which according to UPS has something to do
with our firewall and dns resolution.

I have attempted and failed to enable this feature and
am hoping that maybe someone may have encountered this
problem in the past who may have the solution.

Again, thank you very much.

Very sincerely yours,
Servie

--__--__--

End of firewall-wizards Digest
