search for: dmz0

.... I do not want to allow ping by default from internet. I have not copied the files action.drop and action.reject into /etc/shorewall. Nor I have a AllowPing rule in rules file. The policy file is pasted below. #SOURCE DEST POLICY LOG LEVEL LIMIT:BURST #loc net ACCEPT net all DROP info dmz0 net ACCEPT info dmz1 net ACCEPT info fw net ACCEPT info fw dmz0 ACCEPT info fw dmz1 ACCEPT info dmz0 fw ACCEPT info dmz1 fw ACCEPT info dmz0 dmz1 ACCEPT info all all REJECT info Just thought you could enlighten Thanks Siva This email contains Indsc...

I would like to add a rule allowing only the address 192.168.150.20 and the range of addresses from 192.169.150.100 to 192.168.150.150 in zone dmz0 to connect to two terminal servers in the local zone. Is there a syntax that can specify a range of addresses in the rules file? Do I have to enter each one separately? -- Stephen Carville Unix and Network Adminstrator DPSI 6033 W.Century Blvd. Los Angeles, CA 90045 310-342-3602

...shorewall. I have two ISP''s (with separate routing tables), two DMZ''s, at least one VPN to a remote office, and a local trusted network. The configuration will look like: +----------------+ | | net0 ----------+ eth1 eth3 +---- DMZ0 (~20 nodes) | | net1 ----------+ eth2 eth4 +---- DMZ1 (~5 nodes) | eth0 | +--------+-------+ | | Local (~120 nodes) The 1.544 M$ question is can Shorewa...

...with the two other physical interfaces plus a dummy interface tied to "untethered" bridges (as I also have physical switches plugged into the "LAN" and "DMZ" interfaces). Here is what the ''/etc/network/nterfaces'' file looks like: auto br-lan0 br-dmz0 br-adm0 iface br-lan0 inet manual bridge_ports eth0 iface br-dmz0 inet manual bridge_ports eth1 iface br-adm0 inet static address 10.253.3.2 netmask 255.255.255.0 gateway 10.253.3.1 bridge_ports dummy0 the ''br-adm0'' bridge is for remote administr...

Hello! We have samba 3.0.23d PDC and windows 2003 terminal server as samba domain member. And we have mapped group with about 170 members. We found that last added users (looks like last member of group) can't connect to windows server, i.e. they are not recognized by windows as group members. How can we check that this is samba problem , not windows problem?

...-- router1 | lan2----------| lan1 use router1, lan2 router2. The linux default gw is set to router2, lan2 browse internet without any problem (icmp, tcp..). Lan1 is blocked. >From lan1 i can ping router1, and i''ve set this iproute rules: ip route add 10.0.0.0/24 dev dmz0 table cnet ip route add 195.43.x.x dev bad0 table cnet (firewall interface ip address connected to router1) ip route add 192.168.1.0/24 dev lan0 table cnet ip route add default via 195.43.x.x dev bad0 table cnet (router1 ip address) ip rule add from 195.43.x.x/29 lookup cnet ip rule add to 195.43....

...route script: ISP1_NET="x.x.x.192/29" ISP1_IP="x.x.x.195" ISP1_GW="x.x.x.193" ISP1_IF="bad0" ISP2_NET="x.x.x.96/29" ISP2_IP="x.x.x.98" ISP2_GW="x.x.x.97" ISP2_IF="bad1" DMZ_NET="192.168.0.0/24" DMZ_IF="dmz0" LAN_NET="10.0.0.0/24" LAN_IF="lan0" SERVER_MAIL="10.0.0.50" SERVER_1="10.0.0.10" SERVER_2="10.0.0.2" SERVER_3="10.0.0.3" /sbin/ip rule add fwmark 100 table ISP2 /sbin/ip rule add fwmark 101 table ISP1 /sbin/ip route add $ISP1_NE...

...want outgoing port 25 from my mail server to appear on the address 65.223.121.227 so I created the file masq: eth2 192.168.124.18 65.223.121.227 tcp 25 eth1 eth5 eth1 eth3 eth1 eth4 eth1 == net0 == 209.189.103.196/27 eth2 == net1 == 65.223.121.237/28 eth3 == dmz0 eth4 == dmz1 eth5 == loc == 192.168.124.249/24 (Yes I know the danger of having a production server in the local network. I inherited this setup and I am trying to fix it) 65.223.121.227 is on eth2:1 Shorewall restarts cleanly and I see in the status: 0 0 SNAT tcp -- * *...

...OADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc > noqueue state UP group default qlen 1000 > link/ether 00:c1:2a:15:5c:fe brd ff:ff:ff:ff:ff:ff link-netnsid 0 > inet 10.10.18.50/24 brd 10.10.18.255 scope global native0 > inet6 fe80::2c1:2aff:fe15:5cfe/64 scope link > 46: dmz0 at if47: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue > state UP group default qlen 1000 > link/ether 00:c1:b1:ea:6c:fe brd ff:ff:ff:ff:ff:ff link-netnsid 0 > inet 10.10.11.50/24 brd 10.10.11.255 scope global dmz0 > inet6 fe80::2c1:b1ff:feea:6cfe/64 scope l...

Hi All, I have a very weird issue on one of my servers. I think I might just be missing something quite obviously... I will post the config files at the bottom I have a brand new Debian server running as an LXC container > root at ho-vpn-ctx-ac01:~# lsb_release -a > No LSB modules are available. > Distributor ID: Debian > Description: Debian GNU/Linux 9.8 (stretch) >

...mtu 1500 qdisc noqueue state UP group default qlen 1000     link/ether 00:c1:2a:15:5c:fe brd ff:ff:ff:ff:ff:ff link-netnsid 0     inet MailScanner warning: numerical links are often malicious: 10.10.18.50/24 brd 10.10.18.255 scope global native0     inet6 fe80::2c1:2aff:fe15:5cfe/64 scope link 46: dmz0 at if47: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000     link/ether 00:c1:b1:ea:6c:fe brd ff:ff:ff:ff:ff:ff link-netnsid 0     inet MailScanner warning: numerical links are often malicious: 10.10.11.50/24 brd 10.10.11.255 scope global dmz0     ine...

Hi, In a routed network environment, without the router , we want to use the shorewall as the firewall/router. The ISP has assigned the following set of IP addresses. WAN IP for subnet 1 (DATA) 220.227.202.X/30 ( to be assigned to eth0 of the shorewall) WAN IP for subnet 2 (Voice) 220.227.202.Y/30 ( to be assigned to eth1 of the shorewall) Addresses assigned for Subnet 1 by

...mtu 1500 qdisc noqueue state UP group default qlen 1000     link/ether 00:c1:2a:15:5c:fe brd ff:ff:ff:ff:ff:ff link-netnsid 0     inet MailScanner warning: numerical links are often malicious: 10.10.18.50/24 brd 10.10.18.255 scope global native0     inet6 fe80::2c1:2aff:fe15:5cfe/64 scope link 46: dmz0 at if47: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000     link/ether 00:c1:b1:ea:6c:fe brd ff:ff:ff:ff:ff:ff link-netnsid 0     inet MailScanner warning: numerical links are often malicious: 10.10.11.50/24 brd 10.10.11.255 scope global dmz0     ine...