search for: haverout

Hi everybody. I''m trying to configure shorewall folowing this manual: http://www.montanalinux.org/proxmox-ve-with-shorewall.html But with shorewall check it tells me thah: Checking /etc/shorewall/interfaces... ERROR: Unknown zone (dmz) : /etc/shorewall/interfaces (line 16) How can I define it in the zone file? thanks for the help. best regards, Santiago.

There have been a number of questions recently about Shorewall 2.0 and routing. In earlier posts, I said that Shorewall 2.0 would no longer alter the routing table as part of setting up Proxy ARP. I have been persuaded to take a different approach. In Shorewall 2.0.0-Alpha2, the HAVEROUTE column has been restored to the proxyarp file and a new PERSISTENT column has been added. If the HAVEROUTE column contains "No" then a "Yes" in the PERSISTENT column will cause the route added by Shorewall during "shorewall [re]start" to remain after a "shore...

The Shorewall support page advocates including the output of "shorewall status" with problem reports that involve some sort of connection problem. I suspect that the number of people who feel comfortable analyzing problems through use this output is small. To help, I''ve created http://shorewall.net/AnalyzingShorewallStatus.html I suspect that the document isn''t

Please see https://bugzilla.redhat.com/show_bug.cgi?id=727648 for more info. Shorewall executes some bash code like the following: while read address interface external haveroute; do qt $IP -4 neigh del proxy $address dev $external [ -z "${haveroute}${g_noroutes}" ] && qt $IP -4 route del $address/32 dev $interface f=/proc/sys/net/ipv4/conf/$interface/proxy_arp [ -f $f ] && echo 0 > $f...

...m what I understand I use the same IP on the NET and DMZ interfaces. I don''t want to use proxy-arp on 400 server IPs working from the example: # DMZ interface -- After the interface is up, add a route to the server. This allows the ''Yes'' setting # in the HAVEROUTE column of /etc/shorewall/proxyarp above. auto eth1 iface eth1 inet static address 206.124.146.176 netmask 255.255.255.255 broadcast 0.0.0.0 up ip route add 206.124.146.177 dev eth1 # Internet interface -- After the interface is up, add a route to the Westell 2200...

...rfaces setup as follows. (ips not actual) Adjacent System IP: 24.2.2.202 GW 24.2.2.1 fw net: IP: 24.2.2.200 GW 24.2.2.1 fw dmz: IP: 192.168.2.1 Proxy arp''d compter in dmz IP 24.2.2.201 GW 24.2.2.1 Config files: Policy No entry for dmz Proxy Arp Address Interface external haveroute 24.2.2.201 eth2 eth0 no Rules ACCEPT dmz net tcp 53,21,22,25,80,110 ACCEPT dmz net udp 53 ACCEPT dmz net icmp 8 ACCEPT net dmz tcp 53,21,25,80,110 ACCEPT net dmz udp 53 ACCEPT net dmz icmp 8 ACCEPT loc dmz tcp 21,22,25,110,80...

...ernal NIC. No messages were logged to indicate dropped / rejected packets. Log messages were generated normally for other traffic types. I checked the routing table and Shorewall was generating the correct entry. The proxy ARP was setup in /etc/shorewall/proxyarp with ''no'' in the HAVEROUTE column. The firewall had both the latest versions of shorewall and RH errata. I upgraded iptables to the version given on the shorewall FTP site. Anyway.. no luck there. In desperation I upgraded to RH 7.3, and proxy ARP was working however the firewall machine was hanging after a few minutes o...

...elp me with this problem: My host on the DMZ is inaccessible from the WAN on port 25. I tried to telnet but getting: $ telnet 66.58.99.84 25 Trying 66.58.99.84... telnet: Unable to connect to remote host: No route to host My shorewall/proxyarp is: #address interface external haveroute 66.58.99.82 eth1 eth0 No 66.58.99.84 eth1 eth0 No And the routing is: # route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 66.58.99.84 0.0.0.0 255.255.255.255 UH 0...

...e an IP-range assigned from my ISP that will be used on my servers connected to eth1. The IP-range is routed thru the access-IP. This is how my configfiles look like. Internal everything seems to work but not external. /etc/shorewall/proxyarp #ADDRESS INTERFACE EXTERNAL HAVEROUTE PERSISTENT 213.115.134.1 eth1 eth0 No 213.115.134.2 eth1 eth0 No 213.115.134.3 eth1 eth0 No 213.115.134.4 eth1 eth0 No /etc/shorewall/interface #ZONE INTERFACE BROADCAST OPT...

http://shorewall.net/pub/shorewall/Alpha/shorewall-2.0.0 ftp://shorewall.net/pub/shorewall/Alpha/shorewall-2.0.0 -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net

...eaa:78ea/64 scope link valid_lft forever preferred_lft forever 8: sit0: <NOARP> mtu 1480 qdisc noop link/sit 0.0.0.0 brd 0.0.0.0 /etc/shorewall/proxyarp ############################################################################ ## #ADDRESS INTERFACE EXTERNAL HAVEROUTE PERSISTENT 194.19.34.115 eth1 eth0 NO /etc/shorewall/interface ############################################################################ ## #ZONE INTERFACE BROADCAST OPTIONS # net eth0 detect norfc1918 loc eth2...

Hello list, Here is a setup of my network: eth0 <-> router1 <-> eth2 --- wifi --- eth2 <-> router2 <-> eth0 | | eth1 eth1 Router1: eth0 - Internet connection eth1 - Local network (network 10.1.1.0/24) eth2 - Wireless AP (network 10.1.10.0/24) Router2: eth0 - Internet

In an effert move my Dmz from a snapqear roouter to Linux with shorewall. Question is I have network 64.42.53.200/29 which makes default gw 64.42.53.201 network 64.42.53.200 broadcast 64.42.53.207 mask 255.255.255.248 and I want to set up shorewall with eth0 64.42.53.202 eth1 local eth2 dmz where dmz will use say 64.42.53.203 for web and email server. Where I do not need or should I say use

...default via 67.40.108.70 dev eth1 adsl2 67.40.108.40 dev eth2 scope link src 67.40.108.41 default via 67.40.108.46 dev eth2 I have the dmz set up to use proxyarp from eth4 to eth2. A proxy arp rule that I''m trying to test is as follows: #ADDRESS INTERFACE EXTERNAL HAVEROUTE PERSISTENT 67.40.108.44 eth4 eth2 no yes When trying to test the dmz using an external computer, the log shows: May 15 12:06:32 gateway kernel: martian source 67.40.108.44 from 216.83.137.157, on dev eth2 May 15 12:06:32 gateway kernel: ll header: 00:0...

Hi- One last question for the week, I promise. I''ve got one IP ProxyArp''d according to the instructions at http://www.shorewall.net/ProxyARP.htm. I''ve setup the shorewall/proxyarp file as follows: #ADDRESS INTERFACE EXTERNAL HAVEROUTE PERSISTENT 208.4.145.73 br0 eth1 no yes #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE The ADDRESS is an unused IP in my public subnet, the INTERFACE is a bridge between eth0 (internal nic) and tap0 (virtual interface for OpenVPN). I have a...

I''ve got a serious mess of NAT on our firewall/router systems at the corporate office which seems to do nothing other than confuse the heck out of people. What I''d like to do is gradually migrate the hosts on the various DMZ networks away from private IP addresses and NAT over to public IP addresses and proxyarp. What I''m wondering, before I start this, is how do I

...2.168.0.2 dev eth1 scope link 192.168.0.5 dev eth1 scope link 192.168.0.6 dev eth1 scope link 10.0.0.0/24 dev eth1 proto kernel scope link src 10.0.0.1 192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.4 default via 192.168.0.1 dev eth0 proxyarp :- #ADDRESS INTERFACE EXTERNAL HAVEROUTE PERSISTENT 192.168.0.2 eth1 eth0 No Yes 192.168.0.3 eth1 eth0 No Yes 192.168.0.5 eth1 eth0 No Yes 192.168.0.6 eth1 eth0 No Yes 192.168.0.8 eth1 eth0 No Yes 192.168.0.10 eth1 eth0 No Yes Regards Stewart -- Stewart Outram UK

Hello, I''m not sure if this has been asked before but I would like to ask assistance for this problem I have. I installed gentoo for my firewall/gateway and installed dhcp and shorewall. Currently, I can ssh, ftp, remote desktop connect, ping, etc (anything I can think of) from an internal computer inside my network to an external IP, except I cannot surf the net. I can ssh/ftp to

Okay, so I''m trying to setup my multiple ISP setup that I described earlier. I have: # ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: em1: <BROADCAST,MULTICAST,UP,LOWER_UP>

While I''m in temporary retirement, I''ve decided spend a little time experimenting with new things and making some updates to the web site. The biggest result of this effort to date has been: http://shorewall.sf.net/Shorewall_Squid_Usage.html This outlines how to use Squid as a transparent proxy running on the firewall, in the DMZ or in the local network. In the latter two