Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
-
Sonicwall NSA 2400 + Squid Transparent Proxy
Ok hopefuly someone takes a peak at this and gives me a hand. I have the Firewall picking up the proxy server using the Web Proxy option in the Network settings. However now I have an issue trying to get the proxy server to partition the DHCP clients from the static clients. I want all DHCP...- imagefree
- Post #3
- Forum: Security, hacker detection & forensics
-
Sonicwall NSA 2400 + Squid Transparent Proxy
No assistance in setting up a transparent proxy via Sonicwall NSA 2400?- imagefree
- Post #2
- Forum: Security, hacker detection & forensics
-
Sonicwall NSA 2400 + Squid Transparent Proxy
Hey, I have a Sonicwall NSA 2400 Firewall device operating as my DHCP. It works great no real complaints all firewalls can be a pain. I recently configured Squid successfully on a Linux (Centos) PC and that's working great as well, however there is one thing missing. To have the Proxy server to...- imagefree
- Thread
- Replies: 2
- Forum: Security, hacker detection & forensics
-
Cisco 2621XM Qos/Tos settings part due
t00r, I must be blind, I read your post and thought 20 was 21. That did the trick. The ftp is working. I will try the ssh troubleshooting later. The 444 is for https, I saw it somewhere in the configs for an application. I dont remember what, just decided to add it. And Thanks again. -
Cisco 2621XM Qos/Tos settings part due
t00r, ignore these lines, they have been removed just some attempts to get to it working. ip nat inside source route-map NO_NAT interface FastEthernet0/0 overload ip nat outside source list 1 interface FastEthernet0/1 -
Cisco 2621XM Qos/Tos settings part due
t00r The http is working, but the ftp and the ssh still isnt working. You can see by my current config that everything is in place. Here are my access-lists after the clear counters. Standard IP access list 1 10 permit 200.100.49.56, wildcard bits 0.0.0.7 (75 matches) Extended IP access... -
Cisco 2621XM Qos/Tos settings part due
Hey t00r, Current config: ! boot-start-marker boot-end-marker ! enable secret 5 $1$TKbU$DbvbBGZb4cvjle5S1vYZ4/ ! no network-clock-participate slot 1 no network-clock-participate wic 0 no aaa new-model ip subnet-zero ! ip cef ip ips po max-events 100 no ftp-server write-enable ! class-map... -
Cisco 2621XM Qos/Tos settings part due
The ftp access refuses to work with the ip nat inside. i am able to hit the address enter my credentials but I cant access the actual folder location and files. -
Cisco 2621XM Qos/Tos settings part due
Update: Adding 'access-list 110 permit tcp 200.100.49.56 0.0.0.7 eq 443 any' opened up the ftp port. I entered 'access-list deny tcp 200.100.49.56 0.0.0.7 eq 21 any' first and it made no difference. Therefore confirming which acl is working. Which now leaves me to wonder if something is blocking... -
Cisco 2621XM Qos/Tos settings part due
Sorry to keep you guys out of loop. I wrote a post and forgot to hit submit post. The config that I said was working isnt working. I can only hit my phps, not the ssh, and ftp isnt working. It was when I first applied the changes to the acls... Cant figure out why it has stopped working. -
Cisco 2621XM Qos/Tos settings part due
Ok, I will go back to the working config. If the 'dirty config' is ok with you guys, I would also like to look into some redunancy for if eitther WAN interface or service goes offline. -
Cisco 2621XM Qos/Tos settings part due
Hits sho access-lists=> Extended IP access list 110 10 permit udp any any (57285731 matches) 20 permit tcp 200.100.49.56 0.0.0.7 eq www any (12803 matches) 30 permit tcp 200.100.49.56 0.0.0.7 eq 22 any (97437 matches) 40 permit tcp 200.100.49.56 0.0.0.7 eq 443 any Extended IP... -
Cisco 2621XM Qos/Tos settings part due
This config was working. I could ssh and php remotely. The ip nat inside source list 1 interface FastEthernet0/1 overload was the active dynamic mapping. Current configuration : 2353 bytes ! version 12.3 service timestamps debug datetime msec service timestamps log datetime msec no service... -
Cisco 2621XM Qos/Tos settings part due
Here is my current running config. I got the chance to clean it up. There seems to be one problem however. With the previous configs I could ssh unto the servers remotely. Now I can hit the phps remotely, but not the ssh. Building configuration... Current configuration : 2140 bytes ... -
Cisco 2621XM Qos/Tos settings part due
t00r, After looking over the configs you sent they started to make sense and I gave them a swing. Voila! I can hit my phps and ssh, with my running config. Thanks a mil. -
Cisco 2621XM Qos/Tos settings part due
Hey t00r, This is the output of the current working config, not when the changes were made. gateway.gss#sho ip nat statistics Total active translations: 169 (0 static, 169 dynamic; 169 extended) Outside interfaces: FastEthernet0/1 Inside interfaces: FastEthernet0/0 Hits: 7515672 Misses... -
Cisco 2621XM Qos/Tos settings part due
Minue, t00r I got an hour to look at the cmds (wasnt enough time). First thing I did was remove the ROUTE_VOIP PBR as per minue. No change. Next thing I did with the PBR still removed was remove the incorrect overload statement. I got "%dynamic mapping in use cannot change" so I ran these... -
Cisco 2621XM Qos/Tos settings part due
Ah no fear, and thanks alot guys. I dont have much time for testing at the moment, but I will as soon as possible. The last tesing I did was with the Sonicwall's vpn client to vpn into the site instead of ssh... Thats the direction I need to take. Using a vpn would be more secure it would... -
Cisco 2621XM Qos/Tos settings part due
Minue, Can you point out where I went wrong with the previous attempt to allow php and ssh traffic? -
Cisco 2621XM Qos/Tos settings part due
Hey Minue, I understand the situation with the vacation thing, I am patiently waiting on my day... t00r has been helping me out and giving me new ideas (very gratefull). The audio quality is much better, no complaints, I have the ip nat inside turned on, so the voip traffic is being routed to...
