Firewall

Linux Connection NAT Helper not Working

Some protocols need more than one TCP or UDP connection. For NAT to work the firewall needs to open additional ports to allow client server connection automatically. Examples are FTP (port 21 handshake, additional ports for data), PPTP (port 1723 for handshake, proto GRE 47 for payload) Since Linux kernel (~) 4.7 these helpers are …

Linux Connection NAT Helper not Working Read More »

Source IP Address Based on User

If you want to use different source IP addresses based on the logged in user or running service on a Linux computer you can use these simple commands: /sbin/ifconfig eth0:1 NEW-IP-ADDRESS netmask YOUR-NORMAL-NETMASK /sbin/iptables -t nat -A POSTROUTING -m owner –uid-owner USERNAME -j SNAT –to-source NEW-IP-ADDRESS You can use this if the source IP is …

Source IP Address Based on User Read More »

PaloAlto Packet Loss of 1% and More

Problem: PaloAlto firewall is dropping packets in small bursts of some seconds, and sometimes it drops TCP connections. It only happens on HA clusters on interfaces in active/passive (fail over) mode. Solution: disable the following check box in the Ethernet interface Advanced – LLDP settings: “Enable in HA Passive State” Discussion: Palo Alto uses only one MAC address …

PaloAlto Packet Loss of 1% and More Read More »