search for: dmzs

Displaying 17 results from an estimated 17 matches for "dmzs".

2007 May 29
1
Tunnelling Puppet over SSH
I work at a large financial institution (AXA) and we have a large number of DMZs for our partner and internet-facing servers. The only access to the various DMZs is via SSH and no DMZ-initiated connections are allowed back to the internal network. I'd consider putting a Puppet server in the DMZ but no communication is allowed between DMZs either. Has anyone tried...
2005 Oct 31
2
IProute2 and netfilter interactions
I am trying to build a firewall and from my reading of the list archives and other places, I'm worried about unintended interactions between iptables and iproute2. Here is my situation: I have an internal network on eth0 and two separate dmzs on eth1 and eth2 respectively (a wireless network and a kiosk). On the outbound side, I have a cablemodem provider and a dsl provider. What I need is to set up routing such that the internal network goes out on the dsl, while the dmzs go out on the cablemodem. What would be the best approach t...
2004 Apr 02
1
Complex Routing/Firewalling/Bridging question
...ient-accessible Internet servers. Currently, both these networks, and our internal LAN, (and all of our IPSec-connected remote offices) are all subnets in the 10.* range, and NATted to the outside. I'm using Shorewall on RH9 (Linux 2.4) to handle the firewalling and SNAT/DNAT for the DMZs and NAT for the LAN, and FreeS/WAN for the IPSec WAN. What I would _like_ to do is build an "invisible" firewall between the routers provided with each of the three T-1 lines (yes, each T has its own Cisco 2600-series router). Ideally, two, in some sort of fail-over config...
2007 Mar 29
4
wondershaper and dmzs
I have a pretty simple setup. I've got a linux nat box, with some internal hosts. I've also got some servers in a dmz. It looks something like this: Internet | (external network) | | | | linux dmz nat hosts |
2007 Oct 09
1
SpamAssassin and Public Namespace
...n Spam There are 5 messages in Non-Spam Here's the script: ######################################################################################### #!/usr/bin/perl # # Process mail from imap server shared folder 'spam' & 'not-spam' through spamassassin sa-learn # dmz at dmzs.com - March 19, 2004 # http://www.dmzs.com/tools/files/spam.phtml # LGPL # # Things to try if it doesn't work # 1) Turn debug onto 1 and see if you connect to imap server ad get messages (yes i could have made a command line flag, just didn't see the need once I got it working :) # 2) Che...
2008 May 21
2
outgoing domu network dies after a while
...howmacs & on the switch) What bothers me most is that it worked fine up until Sunday. I was even out of town for a few days before so I didn't change anything. Also, why does it work for a while after reboot? My setup is not that strange. I have one domu as firewall and another in two DMZs so I have my own network-bridge script that calls the stock opensuse script for i in $(seq 0 4); do $dir/network-bridge "$@" vifnum=$i netdev=eth$i bridge=xenbr$i /usr/sbin/ethtool -K eth$i tx off done and this gives # brctl show bridge name bridge id STP...
2004 Aug 06
0
Impossible to connect to ANY yp server
...ord .... http_admin 1 #icydir www.oddsock.org #icydir yp.shoutcast.com #icydir yp.breakfree.com #icydir yp.musicseek.net #icydir yp.van-pelt.com #icydir yp.radiostation.de #directory www.oddsock.org:80/cgi-bin/yp-cgi directory yp.icecast.org #directory yp.mp3.de #directory yp.dmzs.com #directory icecast.linuxpower.org touch_freq 5 hostname ormgas.com port 8000 port 8001 server_name ormgas.com force_servername 1 logfile icecast.log accessfile access.log usagefile usage.log logfiledebuglevel 0 consoledebuglevel 0 console_mode 3 client_timeout 30...
2009 Jan 25
1
SCP Remote-To-Remote?
...ote to Remote support. And wondering if there were any plans to add this into OpenSSH? Specifically I am talking about this e-mail: https://lists.mindrot.org/pipermail/openssh-unix-dev/2005-May/022953.html The situation I find myself in is I can SSH into two of our servers sitting in two different DMZs from our Bastion host, however the two servers are unable to contact each other, nor are they able to SSH back to the Bastion host. Of course since this is a BH, it has no locally writable space so I am unable to copy them locally. The "tar" solution in the above e-mail works, albeit a...
2006 Jan 23
0
Help configuring firewall
...with six network cards. eth0 is the internal network, eth1 is a kiosk network, eth2 is a DMZ/wireless network. On the outbound side, eth3 is a DSL connection and eth4 is a cablemodem connection. What I am trying to do is route all internal traffic out the DSL connection (eth0 to eth3), and the two dmzs, kiosk and wireless out the cable connection (eth1 and eth2 to eth4). Thus far I have been unable to get this to work. For the sake of the discussion, the internal network is 10.1.1.0/24, the kiosk is 172.16.1.0/24 and the dmz/wireless is 192.168.1.0/24. The dsl line is 1.2.3.4 and the cable li...
2004 Jul 21
1
[Bug 904] Better support for multi hop ssh/scp/sftp and anonymous port forwarding
...Version: -current Platform: All OS/Version: Linux Status: NEW Severity: enhancement Priority: P2 Component: ssh AssignedTo: openssh-bugs at mindrot.org ReportedBy: slice1900 at hotmail.com A lot of people use SSH for DMZs, and thus you have to ssh through several hosts (4 hops through one environment I'm familiar with!) It would be nifty to see syntax something like: ssh user1 at hop1/hop2/hop3/user4 at hop4 reboot This would ssh to hop1 as user1, then to hop2 as user1, then to hop3 as user1 and then hop4 as...
2007 Jul 03
15
Puppet as a push model
I just started digging into puppet and it looks like puppet is using a pull model. You have a master server and clients talk to it to get config info. Is anyone out there using a push model? If not, why not? Are there security reasons you would use one over the other? It seems that cfengine also uses a push model, so I wondered if this is a "standard" or if there are specific
2015 Feb 03
2
Another Fedora decision
On Tue, 2015-02-03 at 13:16 +1100, Kahlil Hodgson wrote: > A DMZ in this context is a network that has been isolated from the > rest of your local network. You can access it from your local > network, it can access the rest of the world, but it can't access your > network. The idea is that, if a machine in the DMZ is compromised, it > can only access other machines in the
2010 Aug 09
2
Setting up webmail in DMZ
I have a Smoothwall server on my network and am running three network interfaces off it. 1) local LAN 192.168.0.0 with PCs and an internal dovecot server on 192.168.0.154. 2) internet interface 3) DMZ 192.168.2.0 which has a linux web server 192.168.2.1 on which I want to install a webmail so I can access my email remotely. Originally 192.168.2.1 couldn't see the 192.168.0.0 network but with
2004 Nov 05
6
A distro around Shorewall
Hi all, Currently at work we use a commercial product called "Gnatbox", which, I believe, is a BSD derivative running on a floppy disk. They have a pretty UI and all, but I'd feel much safer/happier with a GNU/Linux box and Shorewall doing the same thing. In fact, I'm doing something very close to this at home using Openwrt and Shorewall on my WRT54G router, but I
2002 May 17
19
Shorewall 1.3 Beta 1
The 3.1 Beta is now available -- check the Shorewall home page. -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \ teastep@shorewall.net
2009 Feb 04
2
More complex Xen Networking, with VLANs and maybe with VDE 2... but how?!
--- In english --- Hello! I am to implement a new architecture of the network in my company but I do not know right where to start ... need help! Currently 90% of my servers are virtual machines under Xen. I have many valid IP networks and all Hypervisors are configured in bridge mode, to simplify. We have 3 VMWare ESX Hypervisor also in bridge mode. Some networks are exclusive to certain
2004 Aug 06
2
status2.xsl info...
Quick thought, if the fields are separated by "," & a title/artist/.. has a comma in it then it causes a few problems with parsing. Likewise if there are multiple streams it might be nice to have each stream in its own line so it is easier to grab the info. Also, status.xsl displays streams even after they have been stopped. dmz --- >8 ---- List archives: