Displaying 20 results from an estimated 24 matches for "demilitarized".
2003 Jun 13
8
Oracle SQL*Net through Shorewall
Hello all,
I am a newbie to Linux firewalls, and am trying to set up shorewall to allow connections from an Oracle client to an Oracle Server. The client tries to connect to the server via port 1521 (it works fine) and once the first connection has been successful, the server sends a redirect to the client to a random high port. So, when the client tries to connect again to the server on that port
2005 Jun 16
5
Setting up a routed DMZ
...145 (dmz net 38.116.45.144/28)
Eth4 66.28.28.78 (provider uplink 66.28.28.76/30)
echo 1 >/proc/sys/net/ipv4/ip_forward
Shorewall.conf is Debian 3.1 sparc64 standard
Shorewall version 2.2.3
Interfaces:
net eth4 detect
dmz eth2 detect
loc eth0 detect
Zones:
dmz dmz DeMilitarized Zone
net net Outside Network
loc LocalNet Local Network
masq:
eth4 eth0 66.28.28.78
policy:
loc $FW ACCEPT
net $FW ACCEPT
dmz $FW ACCEPT
net loc ACCEPT
loc net ACCEPT
dmz loc ACCEPT
loc dmz ACCEPT
dmz net ACC...
2004 Aug 16
3
Not sure how to configure Shorewall 2.1.3
...t dmz icmp 8
ACCEPT net fw icmp 8
ACCEPT dmz net icmp 8
/etc/shorewall/zones
#ZONE DISPLAY COMMENTS
net Net Internet
#loc Local Local networks
dmz DMZ Demilitarized zone
[root@ucsfw02 shorewall]# shorewall version
2.1.3
[root@ucsfw02 shorewall]# ip addr show
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
inet6 ::1/128 scope host...
2011 Jan 09
1
gluster peer probe
...around the world globe : 2 x VPS in
the UK and USA, 1 (fully) virtual server (with bridged eth adapter on
account of that my internal ifconfig shows another ip, and the public ip is
different, but the server is pingable, and ports are accessible too), and 2
servers behind routers in so called "demilitarized zone".
Since glusterfs does not need any file system (at least it was never
mentioned in installation instructions) I decided to set up a catalogue
(/data) where I am supposed to keep my data and replicate the data onto the
other /data folders on the other servers.
So we have 5 ip addresses...
2004 Sep 22
3
Strange DNAT problems with shorewall 1.4.8
...mmunication. Would it be safer to just turn on
the relevant ports in the rules, and turn off this policy?
Excerpt from /etc/shorewall/routestopped:
eth0 -
Excerpt from /etc/shorewall/zones:
net Net Internet
loc Local Local Networks
#dmz DMZ Demilitarized Zone
I had all this working before, but of course I can't find those backups.
:( I've been backing up as I go, and I think this is the last thing on my
FW I need to get working right now.
Thanks for any help, please LMK if there is any more relevant information.
Adam
2020 Mar 16
0
Winbind not working - Not able to join Domain - Unable to initialize domain list
...irectory dns domain.
You posted in your smb.conf:
password server = 10.19.26.136
From your /etc/hosts:
10.19.59.58 emdc1ftpl03.dmz.local emdc1ftpl03
and
10.19.26.136 azeuw1dcem01.emea.media.global.loc
dmz.local != emea.media.global.loc
Also if 'dmz' means this is a machine in a demilitarized zone, then you
will have to open that many ports in the dmz firewall that you would
render it virtually useless, but you would still have the wrong dns
domain problem.
There are various other problems, but they pale into insignificance with
your main problem.
Rowland
2005 Jan 25
2
DNS, DNAT and Notifies
...12.47.198.108
eth1:2 12.47.198.101
eth2 172.16.11.249
interfaces:
loc eth0 detect
net eth1 detect blacklist
dmz eth2 detect
vpn1 tun1 192.168.124.255
zones
net Net Internet
loc Local Local networks
dmz DMZ Demilitarized zone
vpn1 Tunnel1 Tunnel to LA
masq
eth1 eth0
To allow the Phoenix DNS server to respond, I added the following to rules:
DNAT net loc:172.16.10.241 udp 53 - 12.47.198.108
DNAT net loc:172.16.10.241 tcp 53 - 12.47.198.108
This works fine except that notifies from the Phoenix D...
2005 Feb 02
8
Routing all connections through a OpenVPN tunnel
...to tunnel everything
through the VPNtunnel?
Thanks a lot
Bjoern
My current shorewall config looks like this:
#####Zones#####
#ZONE DISPLAY COMMENTS
net Net Internet
loc Local Local networks
vpn0 VPN0 OpenVPN TCP 443
dmz DMZ Demilitarized zone
#####Interfaces#####
#ZONE INTERFACE BROADCAST OPTIONS
#
net eth1 172.16.135.255 dhcp,blacklist,tcpflags,maclist
loc eth0 10.0.123.255 dhcp
vpn0 tun0
#####masq#####
#INTERFACE SUBNET ADDRESS PROTO PORT(S)
#
et...
2005 Jun 16
1
RE: Setting up a routed DMZ -CLOSED
...vider uplink 66.28.28.76/30)
>
>echo 1 >/proc/sys/net/ipv4/ip_forward
>
>Shorewall.conf is Debian 3.1 sparc64 standard
>Shorewall version 2.2.3
>
>Interfaces:
>net eth4 detect
>dmz eth2 detect
>loc eth0 detect
>
>Zones:
>dmz dmz DeMilitarized Zone
>net net Outside Network
>loc LocalNet Local Network
>
>masq:
>eth4 eth0 66.28.28.78
>
>policy:
>loc $FW ACCEPT
>net $FW ACCEPT
>dmz $FW ACCEPT
>net loc ACCEPT
>loc net ACCEPT
>dmz loc...
2005 Jan 06
6
Nested zones? (Or soemthing?)
...'statler' 130.241.25.165, and an OpenVPN tunnel 10.4.0.1]
Now, i have set a rule on statler
ACCEPT vpn $FW tcp smtp
and i have as below.
root@statler:/etc/shorewall# cat zones | grep -v ^#
net Net Internet
loc Local Local networks
dmz DMZ Demilitarized zone
vpn VPN Remote Subnet
root@statler:/etc/shorewall# cat interfaces | grep -v ^#
net eth0 detect
vpn tun1 detect
root@statler:/etc/shorewall# cat tunnels | grep -v ^#
openvpn:1194 net 0.0.0.0/0
root@statler:/etc/shorewall#
root@statler:/etc/shorewall# shor...
2005 Jul 20
3
PPTP
...it, or it doesn't apply to me. Here is my config:
Zones:
#ZONE DISPLAY COMMENTS
net Net Internet
pptp PPTP PPTP Clients (192.168.17.40-49)
loc Local Local networks
dmz DMZ Demilitarized zone
Interfaces:
#ZONE INTERFACE BROADCAST OPTIONS
net eth1 detect routefilter,blacklist,tcpflags
loc eth0 detect dhcp
Hosts: (BTW, is there a way to indicate a range?)
#ZONE HOST(S)
OPTIONS
pptp eth0:192.168.17.40
pptp eth0:1...
2003 Mar 21
1
Shorewall config format
Hi,
I'm a long time shorewall user and I like it very much. There is only
one thing where I'm not always happy with: the config files.
There has been discussion on the list about the comments in the files.
My concern is that I lose overview over my configuration because of the
many config files. Of course there are advantages too but I am thinking
whether another config format would
2004 Jan 28
1
tinc: very interesting problem
...using
TCPONLY and when it is NOT using tcponly. If client A tries to reconnect,
it doesn't work unless you restart TINC. Client B never works properly at
the same time.
There are home routers in front of client A and B, but it connects through
them. Still the same problem when you put them in the demilitarized zone
(DMZ) or when you forward tcp/udp 655.
I have had Client A work properly with other TINC demons (client D, E, F..
etc) at the same time. Their configurations are all the same, with the
exception of the first subnet= line, (the IP address that they have).
Server A is open to the world as the...
2004 Jun 16
0
shorewall and proxyarp ?
...~~~~~~~~~~
/etc/shorewall/proxyarp
xx.xx.xx.41 eth2 eth0 No
xx.xx.xx.44 eth2 eth0 No
/etc/shorewall/masq
eth0 192.168.110.0/24 xx.xx.xx.43
/etc/shorewall/interfaces
net Net Internet
loc Local Local Networks
dmz DMZ Demilitarized Zone
/etc/shorewall/rules
ACCEPT net dmz:xx.xx.xx.41 tcp 25
ACCEPT fw dmz:xx.xx.xx.41 tcp 25
ACCEPT loc dmz:xx.xx.xx.44 tcp 25
ACCEPT loc dmz:xx.xx.xx.44 tcp 110
ACCEPT dmz:xx.xx.xx.44 net...
2004 Sep 03
3
getting up and running
Hello, I have read the getting started guides, FAQ, etc, so if your
response to the following is RTFM, please at least refer me to the
appropriate one :)
I have shorewall set up as follows:
zones:
net Net Internet
loc Local Local networks
dmz DMZ Demilitarized zone
policies:
loc net ACCEPT
dmz net ACCEPT
net all DROP info
all all REJECT info
interfaces:
loc eth0 detect dhcp
I interpret this to mean that eth0 is in the local zon...
2008 Jun 02
4
Syn Flood Attack to SMTP server
...with
shorewall. Since yesterday I get syn flood attacks on port 25, which means
that no longer meet. How can I stop this with shorewall?
my setup is as follows.
zones:
#ZONE DISPLAY COMMENTS
net Net Internet
loc Local Local networks
dmz DMZ Demilitarized zone
interfaces:
#ZONE INTERFACE BROADCAST OPTIONS
net eth0 detect tcpflags,blacklist,routefilter
policy:
#SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
(we must put here?)
loc net ACCEPT
$FW net ACCE...
2004 Oct 12
3
OpenVPN server blocking
...OPTIONS
net eth0 detect routefilter,nosmurfs
loc eth1 detect dhcp
dmz eth2 detect
vpn1 tun0
In zones:
#ZONE DISPLAY COMMENTS
net Net Internet
loc Local Local Network
dmz DMZ Demilitarized Zone
vpn1 VPN VPN1 user
I have tried these rules out of desperation as well but they did not
work so I took them out.
ACCEPT net vpn1 udp 5000
ACCEPT vpn1 net udp 5000
So I am confused as to what is happening shouldn't the tunnel definition
open up the correct port? Can a...
2002 May 14
4
Redirect loc::80 to fw::3128 not work
...l/start]-----------------------------------------------
run_iptables -I OUTPUT 2 -m state -p icmp --state INVALID -j DROP
#[/etc/shorewall/zones]-----------------------------------------------
net Net Internet Blixer
loc Local Rete Locale Ivrea
dmz DMZ Demilitarized zone
@@@@@@@ this is a portions of debug of shorewall script ...
+ iptables -A loc2fw -m state --state ESTABLISHED,RELATED -j ACCEPT
+ eval loc2fw_exists=Yes
++ loc2fw_exists=Yes
+ '[' www = none -o www = None -o '' = none -o '' = None -o ...
2002 May 14
3
[Shorewall-users] Redirect loc::80 to fw::3128 not work (fwd)
...l/start]-----------------------------------------------
run_iptables -I OUTPUT 2 -m state -p icmp --state INVALID -j DROP
#[/etc/shorewall/zones]-----------------------------------------------
net Net Internet Blixer
loc Local Rete Locale Ivrea
dmz DMZ Demilitarized zone
@@@@@@@ this is a portions of debug of shorewall script ...
+ iptables -A loc2fw -m state --state ESTABLISHED,RELATED -j ACCEPT
+ eval loc2fw_exists=Yes
++ loc2fw_exists=Yes
+ '[' www = none -o www = None -o '' = none -o '' = None -o ...
2007 May 25
4
machine in the dmz zone
Hi,
I wonder if there is any need to install shorewall on a machine
located in the dmz zone of shorewall. ( 3 interfaces example)
mess-mate
--
You are a fluke of the universe; you have no right to be here.