search for: anguelov

Hi, I am trying to configure the SMTP service on DMZ host. Added the rule: ACCEPT wan dmz:66.58.99.84 tcp pop3 - ACCEPT wan dmz:66.58.99.84 tcp 25 - ACCEPT dmz:66.58.99.84 wan tcp 25 - ACCEPT dmz:66.58.99.84 wan tcp pop3 - issued shorewall clear, shorewall restart, but still couldn''t telnet to the mail server

..., I already searched and read the whole documentation on shorewall.net site. google.com didn''t help much either. It''s something small, but somehow could not get it. If you need some other files, listings, I am ready to post them here. Regards and thank you for your help, Trifon Anguelov " Trifon Anguelov -----Original Message----- From: Tom Eastep [mailto:teastep@shorewall.net] Sent: Monday, January 06, 2003 3:34 PM To: Trifon Anguelov; ''shorewall-users@shorewall.net'' Subject: Re: [Shorewall-users] SMTP traffic gets blocked --On Monday, January 06, 200...

While I''m in temporary retirement, I''ve decided spend a little time experimenting with new things and making some updates to the web site. The biggest result of this effort to date has been: http://shorewall.sf.net/Shorewall_Squid_Usage.html This outlines how to use Squid as a transparent proxy running on the firewall, in the DMZ or in the local network. In the latter two

...- Policy are: #client server policy log_level lan lan ACCEPT info lan wan ACCEPT info fw lan ACCEPT info lan fw REJECT info wan wan ACCEPT info wan all DROP info all all REJECT info Thank you for your help in advance. Trifon Anguelov

Group, I am reading about tc (traffic control) and willing to get my feet wet. As requirement, there should be HTB compiled in the kernel. I grabbed a Mandrake 8.2 distro, and didn''t installed the kernel source. Anyone knows if the HTB is compiled in Mandrake 8.2, or point a way to find that out? I tried to read the /usr/src/kernel.xxxxx/.config file, but it doesn''t exists.

Hi everyone, I have a question regarding the default gateway for hosts on DMZ zone. I moved servers from parallel to the DMZ (outside the firewall, directly connected to I-net) to inside DMZ. The default gw for these servers was the DSL router(bridge) of my ISP. What should be the default gw (for the hosts inside the DMZ), when hosts are inside the DMZ now - still the DSL router (external

.... Shorewall can, if configured correctly, accept traffic to the same port on different public IP addresses and forward it to different ports at a single private IP address. We''d need more specific information to give you a specific rule. - Bradey -----Original Message----- From: Trifon Anguelov [mailto:clio_usa@yahoo.com] Sent: Tuesday, January 14, 2003 3:10 PM To: Shorewall Users Subject: [Shorewall-users] Two web servers on DMZ zone with private addresses. How to? Two quick questions to the group: Anyone seen this before: Jan 14 02:55:45 gw1 kernel: Shorewall:all2all:REJECT:IN=eth...

Two quick questions to the group: Anyone seen this before: Jan 14 02:55:45 gw1 kernel: Shorewall:all2all:REJECT:IN=eth1 OUT=eth0 SRC=66.58.99.83 DST=170.224.8.51 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=38676 DF PROTO=TCP SPT=1735 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 I mean my web server is trying to replay to some external host 170.224.8.51 (p.moreover.com) for some reason. What could be? It

...y ARP and masquerading independently. I couldn''t find anything on the web site that directly covered this, although I certainly could have missed it. I know one question does not a FAQ make, but adding this to the FAQ seems reasonable. - Bradey -----Original Message----- From: Trifon Anguelov [mailto:clio_usa@yahoo.com] Sent: Monday, January 13, 2003 5:07 PM To: Shorewall Users Subject: [Shorewall-users] Using private & public addresses together in the Shorewall''s DMZ zone I have one question: Can I use routable and non-routable IP addreses together in the DMZ zone?...

I have one question: Can I use routable and non-routable IP addreses together in the DMZ zone? I read the both three-interfaces setup and the Configuration Guide and each one explains how to do the either way? My problem is that, I have to use the public IP address for my DNS server (cannot change that), and setup additional web servers which will do port-forwarding (DNAT) through the firewall