From: "Massimo S." Received: from [192.168.100.201] (HELO mail.2rosenthals.com) by 2rosenthals.com (CommuniGate Pro SMTP 5.4.10) with ESMTP id 10110358 for ecs-isp@2rosenthals.com; Sat, 29 Jun 2024 13:16:40 -0400 Received: from secmgr-va.2rosenthals.com ([50.73.8.217]:37874 helo=mail2.2rosenthals.com) by mail.2rosenthals.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.97.1) (envelope-from ) id 1sNbgc-000000006lV-1RlL for ecs-isp@2rosenthals.com; Sat, 29 Jun 2024 13:16:30 -0400 Received: from mail2.quasarbbs.net ([80.86.52.115]:10038) by mail2.2rosenthals.com with esmtp (Exim 4.97.1) (envelope-from ) id 1sNbgY-000000001vl-0PCj for ecs-isp@2rosenthals.com; Sat, 29 Jun 2024 13:16:26 -0400 X-SASI-Hits: BODYTEXTP_SIZE_3000_LESS 0.000000, BODY_SIZE_2000_2999 0.000000, BODY_SIZE_5000_LESS 0.000000, BODY_SIZE_7000_LESS 0.000000, CTE_7BIT 0.000000, HTML_00_01 0.050000, HTML_00_10 0.050000, IN_REP_TO 0.000000, LEGITIMATE_SIGNS 0.000000, LINES_OF_YELLING_3 0.050000, MSGID_SAMEAS_FROM_HEX_844412 0.100000, MSG_THREAD 0.000000, NO_CTA_URI_FOUND 0.000000, NO_URI_HTTPS 0.000000, REFERENCES 0.000000, REPLYTO_SAMEAS_FROM 0.000000, SENDER_NO_AUTH 0.000000, SUSP_DH_NEG 0.000000, TO_IN_SUBJECT 0.500000, USER_AGENT 0.000000, __ANY_URI 0.000000, __BODY_NO_MAILTO 0.000000, __BOUNCE_CHALLENGE_SUBJ 0.000000, __BOUNCE_NDR_SUBJ_EXEMPT 0.000000, __CT 0.000000, __CTE 0.000000, __CT_TEXT_PLAIN 0.000000, __DQ_NEG_DOMAIN 0.000000, __DQ_NEG_HEUR 0.000000, __DQ_NEG_IP 0.000000, __FORWARDED_MSG 0.000000, __FROM_DOMAIN_NOT_IN_BODY 0.000000, __FROM_NAME_NOT_IN_ADDR 0.000000, __FROM_NAME_NOT_IN_BODY 0.000000, __FUR_HEADER 0.000000, __HAS_FROM 0.000000, __HAS_MSGID 0.000000, __HAS_REFERENCES 0.000000, __HAS_REPLYTO 0.000000, __HEADER_ORDER_FROM 0.000000, __IN_REP_TO 0.000000, __LINES_OF_YELLING 0.000000, __MAIL_CHAIN 0.000000, __MIME_BOUND_CHARSET 0.000000, __MIME_TEXT_ONLY 0.000000, __MIME_TEXT_P 0.000000, __MIME_TEXT_P1 0.000000, __MIME_VERSION 0.000000, __MOZILLA_USER_AGENT 0.000000, __MSGID_HEX_844412 0.000000, __NO_HTML_TAG_RAW 0.000000, __REFERENCES 0.000000, __REPLYTO_SAMEAS_FROM_ACC 0.000000, __REPLYTO_SAMEAS_FROM_ADDY 0.000000, __REPLYTO_SAMEAS_FROM_DOMAIN 0.000000, __SANE_MSGID 0.000000, __SCAN_D_NEG 0.000000, __SCAN_D_NEG2 0.000000, __SCAN_D_NEG_HEUR 0.000000, __SCAN_D_NEG_HEUR2 0.000000, __SUBJ_ALPHA_END 0.000000, __SUBJ_ALPHA_NEGATE 0.000000, __SUBJ_REPLY 0.000000, __TO_IN_SUBJECT 0.000000, __TO_MALFORMED_2 0.000000, __TO_NAME 0.000000, __TO_NAME_DIFF_FROM_ACC 0.000000, __TO_REAL_NAMES 0.000000, __URI_MAILTO 0.000000, __URI_NO_WWW 0.000000, __URI_NS 0.000000, __USER_AGENT 0.000000, __WEBINAR_PHRASE 0.000000 X-SASI-Probability: 10% X-SASI-RCODE: 200 X-SASI-Version: Antispam-Engine: 5.1.4, AntispamData: 2024.6.29.164216 X-SASI-Hits: BODYTEXTP_SIZE_3000_LESS 0.000000, BODY_SIZE_2000_2999 0.000000, BODY_SIZE_5000_LESS 0.000000, BODY_SIZE_7000_LESS 0.000000, CTE_7BIT 0.000000, HTML_00_01 0.050000, HTML_00_10 0.050000, IN_REP_TO 0.000000, LEGITIMATE_SIGNS 0.000000, LINES_OF_YELLING_3 0.050000, MSGID_SAMEAS_FROM_HEX_844412 0.100000, MSG_THREAD 0.000000, NO_CTA_URI_FOUND 0.000000, NO_URI_HTTPS 0.000000, REFERENCES 0.000000, REPLYTO_SAMEAS_FROM 0.000000, SUSP_DH_NEG 0.000000, TO_IN_SUBJECT 0.500000, USER_AGENT 0.000000, __ANY_URI 0.000000, __AUTH_RES_PASS 0.000000, __BODY_NO_MAILTO 0.000000, __BOUNCE_CHALLENGE_SUBJ 0.000000, __BOUNCE_NDR_SUBJ_EXEMPT 0.000000, __CT 0.000000, __CTE 0.000000, __CT_TEXT_PLAIN 0.000000, __DQ_NEG_DOMAIN 0.000000, __DQ_NEG_HEUR 0.000000, __DQ_NEG_IP 0.000000, __FORWARDED_MSG 0.000000, __FROM_DOMAIN_NOT_IN_BODY 0.000000, __FROM_NAME_NOT_IN_ADDR 0.000000, __FROM_NAME_NOT_IN_BODY 0.000000, __FUR_HEADER 0.000000, __HAS_FROM 0.000000, __HAS_MSGID 0.000000, __HAS_REFERENCES 0.000000, __HAS_REPLYTO 0.000000, __HEADER_ORDER_FROM 0.000000, __IN_REP_TO 0.000000, __LINES_OF_YELLING 0.000000, __MAIL_CHAIN 0.000000, __MIME_BOUND_CHARSET 0.000000, __MIME_TEXT_ONLY 0.000000, __MIME_TEXT_P 0.000000, __MIME_TEXT_P1 0.000000, __MIME_VERSION 0.000000, __MOZILLA_USER_AGENT 0.000000, __MSGID_HEX_844412 0.000000, __NO_HTML_TAG_RAW 0.000000, __REFERENCES 0.000000, __REPLYTO_SAMEAS_FROM_ACC 0.000000, __REPLYTO_SAMEAS_FROM_ADDY 0.000000, __REPLYTO_SAMEAS_FROM_DOMAIN 0.000000, __SANE_MSGID 0.000000, __SCAN_D_NEG 0.000000, __SCAN_D_NEG2 0.000000, __SCAN_D_NEG_HEUR 0.000000, __SCAN_D_NEG_HEUR2 0.000000, __SUBJ_ALPHA_END 0.000000, __SUBJ_ALPHA_NEGATE 0.000000, __SUBJ_REPLY 0.000000, __TO_IN_SUBJECT 0.000000, __TO_MALFORMED_2 0.000000, __TO_NAME 0.000000, __TO_NAME_DIFF_FROM_ACC 0.000000, __TO_REAL_NAMES 0.000000, __URI_MAILTO 0.000000, __URI_NO_WWW 0.000000, __URI_NS 0.000000, __USER_AGENT 0.000000, __WEBINAR_PHRASE 0.000000 X-SASI-Probability: 10% X-SASI-RCODE: 200 X-SASI-Version: Antispam-Engine: 5.1.4, AntispamData: 2024.6.29.164216 Received: from [192.168.10.199] (dtp [192.168.10.199]) by srv2 (Weasel v2.9-0001 ) for ; Sat, 29 Jun 2024 18:49:28 -0000 Reply-To: ml@ecomstation.it Subject: Re: [eCS-ISP] help about an Injoy FW rule To: eCS ISP Mailing List References: Organization: eComStation dot it Message-ID: <4e58efce-aec1-c3d4-cd97-309169ee7541@ecomstation.it> Date: Sat, 29 Jun 2024 19:16:20 +0200 User-Agent: Mozilla/5.0 (OS/2; U; Warp 4.5; it-IT; rv:1.7.13) Gecko/20060424 Thunderbird/1.0.8 Mnenhy/0.7.4.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: it-IT Content-Transfer-Encoding: 7bit Hi Steven, i've updated Injoy FW to 4.2.3 here on one of my VM and i discovered that it's not a free upgrade *** WARNING: KEY HAS EXPIRED! *** WARNING: ADVANCED FEATURES DISABLED... *** WARNING: PROGRAM WILL TERMINATE AFTER A PAUSE... Fatal: NAT: Too many internal clients - NAT table exhausted! of course i had to rever back to 4.2.2 :-( i tought it was a free update massimo Il 17/03/2024 23:02, Steven Levine ha scritto: > In, on 03/17/24 > at 07:50 PM, "Massimo S." said: > > Hi Massimo, > >> the firewall in that condition do not reach the internet so each 30 >> minutes the fault daemon gives a reboot > OK. The be clear, ijfw is not reaching the internet because gateway.exe > is shutting itself down and you are running with > > device-fxwrap,sys /S > > in config.sys? > >> assist_rem_srv6_in >> Destination-Port = "55000", >> Source = "1.2.3.4", >> Destination = "My_IP", >> Rule-Action = Portmap, >> Mapping-Dest-IP = "192.168.1.8", >> Mapping-Dest-Port = 3389 >> assist_rem_srv6_out Rule-Status = Disabled >> Source-Port = "3389", >> Source = "192.168.1.8", >> Rule-Action = Portmap, >> Mapping-Dest-Port = 65488 >> ext_m_in >> Destination-Port = "55000", >> Source = "1.2.3.5", >> Source-Netmask = 255.255.255.254, >> Destination = "My_IP", >> Rule-Action = Portmap, >> Mapping-Dest-IP = "192.168.1.8", >> Mapping-Dest-Port = 3389 >> ext_m_out >> Source-Port = "3389", >> Source = "192.168.1.8", >> Rule-Action = Portmap, >> Mapping-Dest-Port = 55000 > What happens if you disable the ext_m_in rule and enable the > assist_rem_srv6_in rule? Does gateway.exe run without dieing? > >> i guess the issue that create problems is the one "assist_rem_srv6_in" > If that's the only rule you added, this is probably true. > >>> Have you checked if the recently announced ijfw 4.2.3 release has any >>> effect on his failure? >> still not > OK. I recommend you give it a try. I recommend using the .zip file and > just replacing the binaries (*.exe, *.dll and *.sys). The rest of the > files are unchanged, so your existing rules and configuration files should > works as is. > > Steven