Dear Sir / Madam,

I used to be able to ping mail.must.edu.my and get the internal 192.168.1.102 address.

My mail server has a static NAT with ports 110 & 25 open from 192.168.1.102 to 210.187.105.132.

However, after upgrading to the latest Shorewall and LH8.0, sometimes the same ping to mail.must.edu.my results in the external address 210.187.105.132.

My internal DNS server points to 192.168.1.102, but why do I sometimes get the external address? Users could not check email using the external address, so I put the internal 192.168.1.102 address manually into the Outlook Express server properties.

Any suggestions? Thank you for any help.

Romano Leong
IT Exec
Malaysia University of Science & Technology

People,

There have been a lot of requests lately for a "simple firewall setup" using shorewall... I'd like to offer the following suggestions;

1. Download shorewall and install
2. Read the documentation
3. Download the "two interfaces" file

Point 3 will get you started with one minor change - uncommenting one of the lines in the RULES file. This assumes that eth0 is your network and ppp0 is the internet, the most common setup.

4. Read the comments in each and every configuration file
5. Run "shorewall start" and see if any errors are returned
6. Read the comments in each and every configuration file

If, at this point, you are still stuck, then by all means post a question here - there are many people, not only Tom (who shouldn't have to bear the brunt of the workload) who are quite knowledgeable in the mystic arts... :-)

Seriously folks - try helping yourselves first before asking for help - if you fsck it up totally, we can help you recover, but to just ASK without TRYING is not only unfair on the rest of the list, but you ain't ever gonna learn nuffin'!!!

Trust me - I learned this with Linux the hard way.....

Jon
---------------------------------------------
Tony Blair phones George Bush, and asks "What proof do you have that Iraq has weapons of mass destruction?" and Bush replies "We kept the receipts."

Romano Leong wrote:
> Dear Sir / Madam,
>
> I used to be able to ping mail.must.edu.my and get the internal 192.168.1.102 address.
>
> My mail server has a static NAT with ports 110 & 25 open from 192.168.1.102 to 210.187.105.132.
>
> However, after upgrading to the latest Shorewall and LH8.0, sometimes the same ping to mail.must.edu.my results in the external address 210.187.105.132.
>
> My internal DNS server points to 192.168.1.102, but why do I sometimes get the external address? Users could not check email using the external address, so I put the internal 192.168.1.102 address manually into the Outlook Express server properties.
>
> Any suggestions? Thank you for any help.
>

It sounds like the client systems are occasionally using a different (external) DNS server for name resolution.

This is unlikely to be Shorewall-related since, unless you have rate-limiting rules in place, NetFilter rules are completely static and deterministic. Shorewall doesn't even provide any way to rate-limit UDP, so all simple DNS lookups will be treated by the Shorewall-produced NetFilter ruleset the same way every time.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ teastep@shorewall.net

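One way to test the diagnosis in the reply above, as an added example that is not part of the original thread: send the A-record query for the mail host straight to each DNS server a client is configured with, and see which servers hand back the public address instead of the internal one. The function names are illustrative, and the server addresses to test are supplied on the command line.

```python
import ipaddress, secrets, socket, struct, sys

def build_query(name, txid):
    """Encode a recursive DNS query for the A record of `name`."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def skip_name(msg, pos):
    while msg[pos] and msg[pos] & 0xC0 != 0xC0:   # walk uncompressed labels
        pos += 1 + msg[pos]
    return pos + (2 if msg[pos] else 1)           # 2-byte pointer, or root label

def parse_a_records(msg):
    """Return the IPv4 addresses in the answer section of a DNS response."""
    qdcount, ancount = struct.unpack("!HH", msg[4:8])
    pos = 12
    for _ in range(qdcount):
        pos = skip_name(msg, pos) + 4             # name, then QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        pos = skip_name(msg, pos)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        if rtype == 1 and rclass == 1 and rdlen == 4:   # A record, class IN
            addrs.append(socket.inet_ntoa(msg[pos + 10:pos + 14]))
        pos += 10 + rdlen                         # CNAME etc. are stepped over
    return addrs

def classify(addrs):
    """'internal' or 'external' by private vs public space; 'mixed' if both."""
    kinds = {"internal" if ipaddress.ip_address(a).is_private else "external" for a in addrs}
    return kinds.pop() if len(kinds) == 1 else ("mixed" if kinds else "no-answer")

def ask(server, name, timeout=2.0):
    """Query `server` directly, bypassing the system resolver."""
    query = build_query(name, secrets.randbelow(0x10000))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server, 53))
        reply = sock.recvfrom(4096)[0]
    if reply[:2] != query[:2]:
        raise ValueError("transaction ID mismatch")
    return parse_a_records(reply)

if __name__ == "__main__":   # usage: NAME SERVER [SERVER ...]
    for server in sys.argv[2:]:
        try:
            print(server, classify(ask(server, sys.argv[1])))
        except (OSError, ValueError) as exc:      # timeout, unreachable, bad reply
            print(server, "error:", exc)
```

Any server that reports "external" for the mail host is one that internal clients should not have in their resolver list.
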
Jon Biddell wrote:
> People,
>
> There have been a lot of requests lately for a "simple firewall setup"
> using shorewall... I'd like to offer the following suggestions;
>
> 1. Download shorewall and install
> 2. Read the documentation

Especially http://www.shorewall.net/two-interface.htm.

> 3. Download the "two interfaces" file

Which is described in the above document.

>
> Point 3 will get you started with one minor change - uncommenting one of
> the lines in the RULES file.

Are you referring to the RULES file or to the POLICY file?

> This assumes that eth0 is your network and
> ppp0 is the internet, the most common setup.

Actually, the sample assumes that eth0 is the internet and eth1 is the local network.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ teastep@shorewall.net