Search found 375 matches

by aus-city
Wed Mar 11, 2020 11:26 am
Forum: Atomic Protector (formerly ASL)
Topic: psa-proftpd.x86_64 0:1.3.7rc3-3, rc3-4
Replies: 0
Views: 7818

psa-proftpd.x86_64 0:1.3.7rc3-3, rc3-4

Support, What happened yesterday with psa-proftpd.x86_64 0:1.3.7rc3-3.el7.art and now psa-proftpd.x86_64 0:1.3.7rc3-4.el7.art? 421 Service not available, remote server has closed connection yum downgrade back to psa-proftpd.x86_64 0:1.3.7rc3-2.el7.art 220 ProFTPD 1.3.6rc2 Server xxxx Clearly the pac...
by aus-city
Sun Oct 09, 2016 1:27 pm
Forum: Control Panel Support Help
Topic: ip filering port 110 and 143 breaks watchdog
Replies: 2
Views: 3728

Re: ip filering port 110 and 143 breaks watchdog

Thanks, but I'm using courier-IMAP and I'm needing to filter as we have some old equipment that can't do secure email. I'm filtering and allowing my ip here as we'll as localhost. It's working as roundcube is connecting over 143. If I drop localhost of access to TCP 143 roundcube can't log in. I've ...
by aus-city
Sat Oct 08, 2016 6:54 pm
Forum: Control Panel Support Help
Topic: ip filering port 110 and 143 breaks watchdog
Replies: 2
Views: 3728

ip filering port 110 and 143 breaks watchdog

Okay I'm filtering in asl-firewall tcp 110 and 143 to drop all ! myownip new connections

(yeah tired of asking no more insecure logins)

Now watchdog says courier imap and pop3 are down (but not pop3s and imaps).

Tried allowing lo and the host IP no go.

Any idea's?

Cheers!

David
by aus-city
Sat Oct 08, 2016 6:50 pm
Forum: Atomic Protector (formerly ASL)
Topic: Question on tortixd requiring TCP 3306
Replies: 1
Views: 2341

Question on tortixd requiring TCP 3306

I think this is more asl support than firewall.

I've in asl-firewall dropped ! myownipaddress to tcp 3306 new

Now asl-web (tortixd) returns after ages there's a file missing error..

What do I have to enable to allow filtering on 3306 without breaking tortixd?

Cheers,

David
by aus-city
Mon Aug 24, 2015 11:47 am
Forum: Atomic Protector (formerly ASL)
Topic: Sharing ASL blacklist or new banned / shunned across network
Replies: 2
Views: 2534

Sharing ASL blacklist or new banned / shunned across network

Support, Is there anyway I can pick up the blacklist off the ASL protected server? Brief topography. Incoming is direct into a Microtik CCR1016-12G. Then through its firewall/mangle I'm forwarding incoming connections on allowed ports into the ASL server, that then netmap out. Its also doing the LAN...
by aus-city
Sat May 16, 2015 6:07 pm
Forum: Atomic Protector (formerly ASL)
Topic: IP Tunnel / ovpn - asl whitelist issue
Replies: 0
Views: 2256

IP Tunnel / ovpn - asl whitelist issue

Support, I've set up a tunnel over openvpn. I've got a WAN IP routed over the tunnel to other end, so I can masquerade / SNAT as well as my own static IPs. Only issue I've got, on my ASL server, got to whitelist the distant/origin end of the tunnel (10.9.0.1). I've whitelisted only my local end (10....
by aus-city
Mon Jun 16, 2014 4:39 pm
Forum: Atomic Protector (formerly ASL)
Topic: centos enable NAT reflection
Replies: 1
Views: 3516

Re: centos enable NAT reflection

Fixed use iptables -A PREROUTING -i <local-network-device eth0 for me> -s <ip range you want to redirect 192.168.0.0/24 for me> -d <your WAN IP that your accessing inside> -p tcp -m tcp --dport <which port> -j DNAT --to-destination <localmachineip:port> -A PREROUTING -i eth0 -s 192.168.0.0/24 -d xx....
by aus-city
Mon Jun 16, 2014 12:35 pm
Forum: Atomic Protector (formerly ASL)
Topic: Clients on LAN cant VPN using pptp
Replies: 1
Views: 3449

Re: Clients on LAN cant VPN using pptp

Fixed. The correct way in later Centos (6) is to add the modules in /etc/sysconfig/modules [root@primary ~]# ls /etc/sysconfig/modules bluez-uinput.modules ip_nat_pptp.modules nf_nat_proto_gre.modules [root@primary ~]# cat /etc/sysconfig/modules/ip_nat_pptp.modules #!/bin/sh /sbin/modprobe ip_nat_pp...
by aus-city
Sat Jun 14, 2014 10:57 pm
Forum: Atomic Protector (formerly ASL)
Topic: centos enable NAT reflection
Replies: 1
Views: 3516

centos enable NAT reflection

Does anyone know how to enable NAT reflection?

My LAN cant see the web and other services running on the WAN IP

I can connect to the internal IPs, but how can we access our WAN IP internally?

Cheers
by aus-city
Sat Jun 14, 2014 7:55 pm
Forum: Atomic Protector (formerly ASL)
Topic: Clients on LAN cant VPN using pptp
Replies: 1
Views: 3449

Clients on LAN cant VPN using pptp

Im using a centos 6 server for gateway. Ive tried inserting [root@primary ~]# modprobe ip_nat_pptp WARNING: Error inserting nf_conntrack_proto_gre (/lib/modules/2.6.32-431.17.1.el6.x86_64/kernel/net/netfilter/nf_conntrack_proto_gre.ko): Operation not permitted WARNING: Error inserting nf_conntrack_p...
by aus-city
Fri Jun 13, 2014 8:08 pm
Forum: Atomic Protector (formerly ASL)
Topic: tortixd broken after update (ive rolled back mod_security)
Replies: 3
Views: 4092

Re: tortixd broken after update (ive rolled back mod_securit

I see the newly updated mod_security #22 fixes the issue WITH the tags in :)
by aus-city
Fri Jun 13, 2014 1:23 pm
Forum: Atomic Protector (formerly ASL)
Topic: tortixd broken after update (ive rolled back mod_security)
Replies: 3
Views: 4092

tortixd broken after update (ive rolled back mod_security)

[root@primary ~]# /etc/init.d/tortixd restart Stopping tortixd: [FAILED] Starting tortixd: Syntax error on line 25 of /var/asl/etc/httpd/modsecurity.d/tortix_waf.conf: Invalid command 'SecConnReadStateLimit', perhaps misspelled or defined by a module not included in the server configuration [FAILED]...
by aus-city
Sun Mar 23, 2014 6:52 pm
Forum: Atomic Protector (formerly ASL)
Topic: An error occurred attempting to read file /var/asl/data/vuln
Replies: 5
Views: 4390

Re: An error occurred attempting to read file /var/asl/data/

There's no errors running asl with check.

Also its blank paragraph on an asl -pc

The error only shows up in the GUI.

Ive tried root, apache, as well as tortix, but its got 666 chmod anyway...