search for: shorewall_setup_guid

I''m working on shorewall_setup_guide.htm -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net

Hi all! I''ve set up a Linux box with shorewall doing proxy arp as per http://www.shorewall.net/shorewall_setup_guide.htm#ProxyARP the 5.2 (non routed) example. Everything is working great except for one thing, and that leads me to my question: is there a conflict between proxy arp and pptp? I''ve set the apropriate ACCEPT rules to allow tcp port 1723 and protocol 47 to the host on the dmz, but no luck. I...

Hi, I have two public ip''s and i want to dedicate one ip for incoming and outgoing to one server. I followed http://www.shorewall.net/shorewall_setup_guide.htm and used the example of the daughter system. I have a machine connected on vmbr0 with address 10.10.10.1 listening on port 80 www. Still I can''t connect to this system. I''m forgetting something? Sincerely, Selvam Matthys my interface file: auto eth0 iface eth0 inet static...

Hi everyone, I have a question regarding the default gateway for hosts on DMZ zone. I moved servers from parallel to the DMZ (outside the firewall, directly connected to I-net) to inside DMZ. The default gw for these servers was the DSL router(bridge) of my ISP. What should be the default gw (for the hosts inside the DMZ), when hosts are inside the DMZ now - still the DSL router (external

Hi all! I posted earlier about the proxy arp configuration = http://shorewall.sourceforge.net/shorewall_setup_guide.htm#NonRouted, = and was probably not sufficiently knowledgeable on the subject. I''ve = gone through a bunch of documents on proxy arp, subnetting with proxy = arp and the documentation at shorewall, and have come up with a setup = that would be perfect for the job at hand - I just need t...

Hello all, Name is Andrew and in desperate need of some info. Setup: - Mandrake 9.1 with three interfaces (eth0 --> WAN) C-class /28 network (with tree virtual addresses which I am DNAT-ing to the DMZ) (eth1 --> LAN) A-class 10.0.0.0/8 (eth2 --> DMZ) A-class subnet 10.1.123.0/24 - Running stock Shorewall ver: shorewall-1.3.14-3.1.91mdk Dilemma: - LAN can not access the DMZ zone

Hi, On my network, I use real IP numbers for all of my hosts. They all get nat''d at the gateway. I use real IPs because sometimes someone needs to connect directly to a host behind the firewall. With my old firewall, I had a trusted-hosts file with trusted host IP numbers in it. My hosts talking to external trusted hosts would not have their IPs nat''d instead they were

Hi, I have this case: My Shorewall is a internet gateway: (fw) eth0 -> 200.209.100.0/30 (loc) eth1 -> 192.168.0.0/24 (dmz) eth2 -> 200.209.100.8/30 In the DMZ, I have another linux, with a web server too. eth0 -> 200.209.100.10/30 - running Apache at port 1700 eth1 -> 192.168.0.0/24 My problem is: I need to make a NAT, from my local

Hello, > My server is on Mandrake 10.1 off. > eth0 is WAN with static IP connected 512 DSL > eth1 is LAN. I need a little clarification on static nat settings in shorewall. external address - static IP internal address - ? for the internal address should I put my eth1 IP or the general subnet range. For example 192.168.0.0. I am also not sure about : Active for firewall system? yes

i''ll need to have a virtal server, but why i can do this?

Hi, I am having problem in getting my fw to connect to the net, I had set allow fw net in the policy. I suspect maybe shorewall having problem because I have 5 public IP alias to my fw, which is eth0, eth0:1-eth0:4. Because before I add more ip to this interface my fw able to connect to the net. How can I set one IP to be bind to this fw, or I had to change the rules from fw to fw:w.x.y.z? One

Hello Tom, I seem to be missing the big picture here.. can you shed some light? I have a three interface setup loc,dmz, net I have 4 global addresses that I want to attach to eth0 (net) address 1 - fw address address 2- I want to forward to a (loc)router that uses dynamic dns vpn (gre) (Yamaha router) address 3 - web server/Bind9 (dmz)forward port 80,443,53 address 4 - mail server (dmz)pop3,

Hi ! I have setup a complete shorewall now with DMZ, and Private zones and masq, rules, port-forwarding etc. worx like expected. BUT I have a wish to use a couple of more public IP''s and relate those to inernal servers on the DMZ zone and i am now so confused about it. I have searched this archive for SNAT port allow Setup: 3 public adresses on the WAN nic. lets call them 80.80.80.80 -

...experience on low level iptables rules. I read already the following documentation: http://www.shorewall.net/Introduction.html http://www.shorewall.net/three-interface.htm http://www.shorewall.net/GettingStarted.html http://www.shorewall.net/shorewall_quickstart_guide.htm http://www.shorewall.net/shorewall_setup_guide.htm http://www.shorewall.net/configuration_file_basics.htm http://www.shorewall.net/starting_and_stopping_shorewall.htm http://www.shorewall.net/Documentation_Index.html http://www.shorewall.net/ipsets.html http://www.shorewall.net/manpages/shorewall-exclusion.html http://www.shorewall.net/manpage...

I have been studying Tom''s configuration at: http://www.shorewall.net/myfiles.htm -and- http://www.shorewall.net/NAT.htm I am using SBC as an ISP and also have 5 "real" IP addresses and because of other issues, have to re-do my set-up. If I have a block at .120/29 assigned to me, what SBC does is give you 5 usable addresses, in my case .121 is the SBC modem/router and

Hi All, >From the documentation I have read on Shorewall, the preferred approach seems to be, to use Proxy ARP instead of Static NAT for hosting web servers in the DMZ Zone. But I have also read that this could cause problems for VPN configurations. I essentially have multiple public IP''s, which I want to map to private addresses in the DMZ. I also intend to setup a gateway between 2

Hola, Can someone please point me to the right direction on how-to set up proper routing on PPPoE connection and multiple external IP''s. Thank you kindly. ~Andrew Nady.

...168.1.1 dev eth0 nexthop via 192.168.1.11 dev eth0 I have this shorewall''s conf: interfaces: net eth0 detect loc eth2 detect masq: eth0 eth2 I have read this http://www.shorewall.net/shorewall_setup_guide.htm#dnat so I think it would be enough if I add these rules: DNAT loc net:192.168.1.11 tcp 4661 DNAT loc net:192.168.1.11 tcp 4662 DNAT loc net:192.168.1.11 udp 4665 DNAT...

Dear, All I have 4 ip public in my router 1. For Connection to gateway 2. For gateway Wireless Lan (with ip public) 3. For DMZ 4. For Downtream ISP ------------------History I have two way for connection Internet 1 by Leased Line 128 Up/Down and 256 Down With DVB and i have client with wireless Network. I need Client wireless network can use DVB Network for connection with port 80. What can i

Hi, in a three interface firewall I have eth0, loc, 10.1.5.1/16 eth1, int, 200.41.61.228/29 eth2, dmz, 192.168.1.1/24 (un)fortunately I got a group of public ip?s to use, so here is my problem in the dmz I have 192.168.1.3 redirected from eth1 alias 200.41.61.226 (a web server, works perfect). I am trying to set up a mail server also, a different machine, so I can?t use proxyarp, as with this,