search for: dmz2loc

Displaying 13 results from an estimated 13 matches for "dmz2loc".

2008 Apr 26
2
Cannot use SSH from dmz to lan
...EPT info I could use 3389 remote desktop to loc Windows 2003 server but couldn't use SSH (22 port) to loc Linux server. Also I tried opening those two ports in rules file but still couldn't make the connection between dmz to loc. Here is the log, the log displayed dmz2loc was ACCEPT: Apr 26 18:40:33 shorewall kernel: Shorewall:dmz2loc:ACCEPT:IN=eth0 OUT=eth1 SRC=192.168.0.14 DST=172.16.1.245 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=8559 DF PROTO=TCP SPT=3799 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0 Thanks --------------------------------- When on a business trip or traveling, you can...
2012 Oct 16
1
Trouble with tftp
...9.164 dst=10.10.10.1 sport=2071 dport=69 [UNREPLIED] src=10.10.10.1 dst=4.28.99.164 sport=69 dport=2071 mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=2 But it appears that the replies from the client are still being blocked, e.g.: Oct 16 10:17:34 inferno kernel: [1841301.871809] Shorewall:dmz2loc:REJECT:IN=em2 OUT=em1 MAC=00:b0:d0:df:e3:1e:00:22:19:1d:0c:a4:08:00 SRC=4.28.99.164 DST=10.10.10.1 LEN=32 TOS=0x00 PREC=0x00 TTL=19 ID=17 PROTO=UDP SPT=2072 DPT=35350 LEN=12 Any idea why the client replies are being blocked? Thanks, Orion -- Orion Poplawski Technical Manager...
2002 Jun 07
4
Proxy ARP - Pros & Cons
In a previous thread, Tom listed advantages (reproduced below) of Proxy ARP over NAT. They are great reasons, but I have one reservation. By using private addresses with NAT for servers in my DMZ, I can granularly allow specific traffic, such as to/from the SMTP gateway/relay in the DMZ, to connect inbound from the DMZ to an internal (LOC) mail server, and know that it comes only from a
2005 Jan 11
1
Squid and DMZ (ProxyARP)
...0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 0 0 all2all all -- * * 0.0.0.0/0 0.0.0.0/0 Chain dmz2loc (1 references) pkts bytes target prot opt in out source destination 113 47638 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 LOG tcp -- * * 0.0.0.0/0 192.168.110.4...
2005 Feb 28
1
Mail server on DMZ
...0.0.0.0/0 state NEW tcp flags:!0x16/0x02 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:20 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 3220 288K dmz2all all -- * * 0.0.0.0/0 0.0.0.0/0 Chain dmz2loc (1 references) pkts bytes target prot opt in out source destination 537K 144M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 7 790 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp flags:!0x16/0x02...
2005 Mar 07
10
DNS Name problem with mail server on LAN
...0.0.0.0/0 state NEW tcp flags:!0x16/0x02 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:20 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 3220 288K dmz2all all -- * * 0.0.0.0/0 0.0.0.0/0 Chain dmz2loc (1 references) pkts bytes target prot opt in out source destination 537K 144M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 7 790 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp flags:!0x16/0x02...
2005 Jun 16
5
Setting up a routed DMZ
Hello all, I've read the shorewall guides and browsed through the mailing lists, but I haven't been able to find out if the following is possible or not using shorewall. Our provider has given us 16 IPs + 4 in a separate range for our uplink. I would like to replace that router with a Linux box running shorewall with three interfaces. I want the DMZ to be a standard, routed
2004 Aug 27
3
Proxy Arp Ip Conflicts
...all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 22,8080,3000 4 968 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 Chain dmz2loc (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0...
2003 Apr 15
8
repost (passive FTP server in DMZ and shorewall 1.4.2)
I apologize for the first message. :) --------------------------------------- I have an FTP server running in the DMZ section of my home network. It uses port 23000 for connection and ports 19990 to 19994 for data transfer. I have set up the following rule for outside people to connect to it: DNAT net dmz:192.168.2.2 tcp 23000 I'm at work right now and I can't use
2004 Sep 21
1
squid on DMZ using proxyarp
...dpt:3401 0 0 ACCEPT udp -- * * 202.124.35.36 0.0.0.0/0 udp dpt:3401 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5555 29 2088 all2all all -- * * 0.0.0.0/0 0.0.0.0/0 Chain dmz2loc (1 references) pkts bytes target prot opt in out source destination 2818 676K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 AllowPing all -- * * 0.0.0.0/0 0.0.0.0/0 0...
2003 Mar 28
9
Squid
...CEPT udp -- * * 192.168.2.1 0.0.0.0/0 state NEW udp dpt:123 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp spt:20 0 0 all2all ah -- * * 0.0.0.0/0 0.0.0.0/0 Chain dmz2loc (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT ah -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0...
2005 Jan 11
2
dnat problem
...tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 22,8080,10000 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:10000 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 Chain dmz2loc (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0...
2003 Mar 23
12
Shorewall 1.4.1
This is a minor release of Shorewall. WARNING: This release introduces incompatibilities with prior releases. See http://www.shorewall.net/upgrade_issues.htm. Changes are: a) There is now a new NONE policy specifiable in /etc/shorewall/policy. This policy will cause Shorewall to assume that there will never be any traffic between the source and destination zones. b) Shorewall no longer