search for: dmz

Displaying 20 results from an estimated 974 matches for "dmz".

2003 Oct 22
2
help seeing DMZ from LOC
I have a three interface network (net,loc,dmz). The internet interface (eth0) has a static IP. Windows machines in the local network (eth1) use DHCP to get IPs from the 192.168.10.0/24 netblock. The Debian machine in the DMZ (eth2) gets a fixed IP through DHCP in the 192.168.11.0/24 netblock. The DHCP server is running on the firewall mac...
2005 Jun 16
5
Setting up a routed DMZ
...ugh the mailing lists, but I haven't been able to find out if the following is possible or not using shorewall. Our provider has given us 16 IPs + 4 in a separate range for our uplink. I would like to replace that router with a Linux box running shorewall with three interfaces. I want the DMZ to be a standard, routed network segment while the internal network is MASQd. To that end, I've set all policies to allow so that there are fewer points of failure. I thought a setup like this wouldn't be difficult to configure, however I cannot ping or connect into any box on t...
2004 Jun 16
0
shorewall and proxyarp ?
...om my ISP. My current setup is that I have one system with three network cards, (eth0 = xx.xx.xx.42, eth1 = 192.168.110.41 eth2 = 10.10.10.41), two systems with two network cards, (eth0 = xx.xx.xx.41 and eth1 = 10.10.10.42/44), I want to get rid of the eth1 of the two systems and place them in the dmz using proxyarp within shorewall. All the eth0 and the DSL modem is all plugged into a linksys 10/100mb switch, all the eth2's (DMZ 10.x.x.x) are plugged into another linksys 10/100/1000mb switch and the eth1 (Loc 192.x.x.x) are plugged into another 10/100mb switch. I know that this is n...
2004 Sep 29
4
Re: start error]
thanks again for your sharp eye and speedy response. i have corrected the typos in the IP in the masq file. I am sorry to have to ask for more help but my pc's on the local network can't reach the dmz webserver using the webserver's local or Public IP address. I need to be able to do this in order to test the split DNS setup for the network. Using ethereal on the firewall, i can see the packets going from the local pc to the dmz server. using IPTRAF on the dmz server, i can see the SY...
2003 Feb 24
5
Bug in Shorewall check?
...owing happened.. and I wonder why it didn't complain? I am sure I am just misunderstanding some doc which tells me why this happened? argus:~# shorewall check Processing /etc/shorewall/params ... Verifying Configuration... Loading Modules... Determining Zones... Zones: net loc dmz dmb Validating interfaces file... Validating hosts file... Determining Hosts in Zones... Net Zone: eth0:0.0.0.0/0 Local Zone: eth1:0.0.0.0/0 DMZ Zone: eth2:0.0.0.0/0 DMB Zone: eth3:0.0.0.0/0 Validating rules file... Rule "DNAT loc dmz:213.212.33.20 tcp smtp - 192.168.22...
2004 Sep 14
1
start error "invalid interface" on shorewall 2.08
...ide for multiple IP addresses and modifications suggested by the Aliased Interfaces Guide. I want to set up a shorewall 2.08 router for my home (Fedora Core 2 / kernel 2.6.8-1.521). I want share an internet connection with some pc's on a local protected network and host two servers in a DMZ providing http / imap/ snmp / dns services. The router's eth0 will be assigned the public address of 66.17.65.22 and an alias eth0:0 with address of 66.17.65.161. Conceptually SERVER #1 will have a local address: 192.168.202.7 and receive DNAT for public address 66.17.65.22 and SERVER #2...
2010 Feb 02
8
Suddenly DMZ can't access to internet
Hello We are using old version ( shorewall-3.0.7-1) with Centos 5.3 The shorewall has three zones (net / loc / dmz). Loc can access to internet with no problem and can access to DMZ. DMZ can't access to internet. Net can't access to DMZ with NAT. I tried to restart the machine / check Lan card / check cable , they were working fine. Is it DMZ Lan card problem? but it can start at Centos ......
2002 Aug 09
2
Proxy Arp
Hopefully this is an easy question.... I'm using a leaf router (bearing) running shorewall. Three interfaces net, loc, and dmz. Only one computer in the dmz and it's being proxy arp'd. External and internal (net and loc) can reach the dmz but the dmz cannot reach the isp's gateway and beyond, but can reach a system adjacent to the firewall. HUB adj System -- |...
2004 Sep 11
5
Bridge Interface without an IP Address?
We are using Shorewall 2.0.8 with SuSE 9.1 and have built a bridging firewall primarily to defend against syn flood and smurf DoS attacks. We are a small ISP using Cisco routers for a total of 5-6 subnets. Since bridges are based on use of MAC addresses, if we could use one bridging firewall system instead of 5-6 ... is this possible? practical? (Other than introducing a single point of failure
2004 Oct 08
6
clean install with 3 ip addresses
...n fedora core 2 using the shorewall rpm and the Shorewall Setup Guide for multiple IP's using a stock configuration except for AllowDNS and AllowWeb on the firewall (so i can post this message). my shorewall status file is attached. my setup 69.17.65.105 = firewall 69.17.65.22 = dmz server 1 69.17.65.161 = dmz server 2 my local network is 192.168.0.0/24 using IP address (no name resolution) i am unable to browse the servers in the DMZ from the LOC network. my files are: /policy: #SOURCE DEST POLICY LOG LIMIT:BURST #...
2004 Dec 10
9
parallel zone: loc2 is composition of loc1
i have no idea how to define for a parallel zone the host file if the second zone (net) should be the composition of the first zone (dmz). i tried all the following combinations in the interface and host files: interface: - eth0 - (variante 1) - eth0 192.168.0.255,255,255,255,255 (variante 2) - eth0 192.168.0.255,!192.168.0.255 (variante 3) hosts: dmz eth0:192.168.0.0/24 maclis...
2005 Jun 16
1
RE: Setting up a routed DMZ -CLOSED
...ails... -Derek -----Original Message----- From: shorewall-users-bounces@lists.shorewall.net [mailto:shorewall-users-bounces@lists.shorewall.net] On Behalf Of Derek Murawsky Sent: Thursday, June 16, 2005 6:23 PM To: Mailing List for Shorewall Users Subject: RE: [Shorewall-users] Setting up a routed DMZ Alex, It's my understanding that in a routed environment, proxy ARP should be unnecessary. My ISP has a route to the 38.116.45.144/28 network through 68.28.28.78 (my firewall's outside IP). My firewall has a static route to that network since it's on a directly attach...
2003 Jan 13
4
DMZ hosts gateway
Hi everyone, I have a question regarding the default gateway for hosts on DMZ zone. I moved servers from parallel to the DMZ (outside the firewall, directly connected to I-net) to inside DMZ. The default gw for these servers was the DSL router(bridge) of my ISP. What should be the default gw (for the hosts inside the DMZ), when hosts are inside the DMZ now - still the DSL...
2004 Dec 07
16
Dmz
Hey Tom, I have successfully set up two servers on a Dmz practice network woohoo :). If I take out the proxyarp option in /etc/shorewall/interfaces Then Dmz can ping outside ip's on the net but not any of my servers on network 66.224.62.96/27 (Other than its own gateway server 66.224.62.120) The reason I ask is to learn. I thought I would...
2010 Feb 02
17
WG: Suddenly DMZ can't access to internet
net dmz:192.168.0.1 tcp 80 I forgot to mention that this should be put to rules file, sorry. _____ Von: Michael Weickel - iQom Business Services GmbH [mailto:mw@iqom.de] Gesendet: Dienstag, 2. Februar 2010 17:37 An: 'Shorewall Users' Betreff: AW:...
2012 Jan 11
3
Unable to allocate dma memory for extra SGL
...y under high load (ZFS scrub for example), the box becomes non-responsive (it continues to respond to ping but nothing else works -- not even the local console). Our only solution is to hard reset after which everything comes up normally. Logs are showing the following: Jan 8 09:44:08 prodsys-dmz-zfs2 scsi: [ID 107833 kern.warning] WARNING: /pci at 0,0/pci8086,3410 at 9/pci1000,72 at 0 (mpt_sas0): Jan 8 09:44:08 prodsys-dmz-zfs2 MPT SGL mem alloc failed Jan 8 09:44:08 prodsys-dmz-zfs2 scsi: [ID 107833 kern.warning] WARNING: /pci at 0,0/pci8086,3410 at 9/pci1000,72 at 0 (mpt_sas...
2003 Mar 21
1
Shorewall config format
Hi, I'm a long time shorewall user and I like it very much. There is only one thing where I'm not always happy with: the config files. There has been discussion on the list about the comments in the files. My concern is that I lose overview over my configuration because of the many config files. Of course there are advantages too but I am thinking whether another config format would
2004 Nov 01
2
dmz setup
I am trying to add a machine into my dmz. It is the first machine I've ever added to this dmz and for some reason I cannot establish communication between the dmz and the machine. Here is an example of my setup: ISP router --> firewall (eth0) firewall (eth1) --> local network firewall (eth2) --> DMZ eth0 and eth2 hav...
2005 Jan 11
2
All traffic is on the same adress
...is wrong in my config, somebody can help me please. this is my rules files #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ # PORT PORT(S) DEST LIMIT GROUP DNAT net dmz:10.0.0.3 udp 53 - 64.254.229.226 DNAT net dmz:10.0.0.3 tcp 53 - 64.254.229.226 DNAT net dmz:10.0.0.4 udp 53 - 64.254.229.227 DNAT net dmz:10.0.0.4 tcp 53 - 64.254.229.227 DNA...
2003 Jan 30
4
ACCEPT vs DNAT
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi all, Can someone refresh my memory on the difference between the following (where dmz contains an RFC 1918 address host)? ACCEPT net dmz tcp 80 - all DNAT net dmz tcp 80 I''m trying to generate a script for maintaining multiple interconnected firewalls from shared policy, rules, and zone files, and i can''t remember which of the abov...