Displaying 20 results from an estimated 10000 matches similar to: "setup firewall with 3 nic cards"
2004 Sep 15
15
re: start error
The original post was over 300,000kb so I didn't spam the list with it -TE.
| Thank you for your quick and helpful response.
|
| I didn't understand that the virtual interface eth0:1 doesn't count as
a separate instance from eth0.
| I am sorry to ask for further assistance and would appreciate any
help. The error
2004 Sep 30
2
2 DSL link, DNAT & SNAT
Sorry for the long description of the problem, I'd like to know if I
misunderstand something or if I meet an intrinsic limit of my setup.
217.58.51.162 HDSL eth1 - SRV_XP: 192.168.254.10
eth0: 192.168.254.1 -----+------------------+-------
81.121.243.250 ADSL eth3 -
I want to allow incoming pptp request (port 1723) to be forwarded to
srv_xp
2004 Aug 17
16
Sanity check please !
I am setting to a shorewall system with 4 NIC's as per the outline
specification below. Can anyone please have a look and let me know what I
have missed and what I have got wrong as I want to take this system live
ASAP but do not want to kill internet access and the hosting for too long !
I have listed below the system outline & have attached the config files that
I have changed, if
2010 Oct 26
16
Xen 3.4.2 networking help
(If this is a double post, I apologize, my email client crashed when I first
sent it)
I need some help to configure a secure network on my Xen server. I have been
looking online and it seems I need a routed network. But I am having a
terrible time implementing it.
My setup:
Xen 3.4.2
CentOS 5.5 Dom0
1 NIC (eth0)
All guests will be HVM
What I want to do is something similar to a firewall
2005 Jan 11
2
dnat problem
Hi,
I have a proxy/firewall,
I want to dnat requests for 193.205.140.106 on port 443 towards
10.2.15.23 and requests for 193.205.140.106 on ports 4330 and 3389
towards 10.2.15.25, these rules must apply from internet, loc and fw
(some client use a proxy on fw to reach these servers)
I have tried with the following rules:
DNAT net dmz:10.2.15.23 tcp 443 -
2003 Mar 28
9
Squid
I'm attempting to setup Squid as shown on:
http://shorewall.sourceforge.net/Shorewall_Squid_Usage.html#DMZ
The firewall is a Bering 1.0 firewall running Shorewall 1.3.11, Red Hat
7.2 on the server in the DMZ. I'm not seeing the requests come in to the
server using tcpdump. The server is 192.168.2.1 connecting to eth2 on the
firewall, the local traffic I'm trying to
2003 Aug 31
4
linux-ha heartbeat .. failover firewall
I have searched your FAQ's and read the documentation on your site as well
as googling. I am not able to figure this out. If you have any ideas can
you please help.
I am using the linux-ha failover with redundant firewalls.
As part of the function of the linux-ha software consists a service called
heartbeat which is a connection from each failover node through a serial
cable or ethernet.
2004 Dec 28
14
DHCP
Good day to all.
I don't like to Post unless I am really stuck. Guess what?
Redhat with Shorewall. Been using this for years. I have a new client that we have setup with Redhat and Shorewall. The problem is that his outside address (ETH0 = NET) is dynamic (i.e. DHCP enabled).
All the rules work fine when we use a STATIC address on Eth0, so we know the rules, filters, tos etc work fine
2011 Aug 03
4
Xen 4 + Debian Squeeze + one VM in route mode and another in nat mode
Hello,
I've installed on a debian squeeze server, xen 4 with one VM which run
in route mode configuration with an IP failover.
I wanted to create another VM which turn in nat mode, so I make that :
- I let my xend-config.sxp with :
(network-script 'network-route netdev=eth0')
(vif-script vif-route)
because my first VM is the most important....
For the second, I
2003 Apr 15
8
repost (passive FTP server in DMZ and shorewall 1.4.2)
I apologize for the first message. :)
---------------------------------------
I have an FTP server running in the DMZ section of my home network. It uses port 23000 for connection and ports 19990 to 19994 for data transfer.
I have setup the following rule for outside people to connect to it:
DNAT net dmz:192.168.2.2 tcp 23000
I'm at work right now and I can't use
2005 Mar 02
12
Problem with outgoing Masquerade
I'm having another little problem with my new firewall. I want outgoing port
25 from my mail server to appear on the address 65.223.121.227 so I created
the file masq:
eth2 192.168.124.18 65.223.121.227 tcp 25
eth1 eth5
eth1 eth3
eth1 eth4
eth1 == net0 == 209.189.103.196/27
eth2 == net1 == 65.223.121.237/28
eth3 == dmz0
eth4 == dmz1
eth5 == loc ==
2007 Mar 08
10
routing TCP to another box preserving ORIGINAL client IPs
My TCP clients connect to box A. I need to forward those connections to a
server on box B, such that the original client IPs are visible to the server
on B.
Each box has two Ethernet ports. One port on each box is connected to WAN,
and they are cross-connected in a LAN via remaining ports:
------------------- -------------------
WAN -- |eth0 Box A eth1|---LAN---|eth1 Box
2004 Aug 05
9
Not able to access website
Hi,
Trying to figure out why I cannot get access to dell.com
Their site is up because I can browse using a different firewall.
Trying to find out where the logs are located and what log files it
would write to if it were to deny browsing to a website. I can see the
[UNREPLIED] when using the shorewall status. Was hoping to know what
logfile it is writing it to.
Thanks in advance,
Elmer
2005 Jul 14
7
Losing Packets after a DNAT in prerouting
I'm trying to setup some DNAT and the packets seem to be disappearing after
the PREROUTING step. The packets are coming in eth2 (both LOG targets in
iptables and tcpdump confirm this). They are then DNATed to an IP that
should cause them to go out eth3. However I never see them go out that
interface. I have tried putting LOG rules into the FORWARD chain with no
success. I'm
2005 Mar 07
10
DNS Name problem with mail server on LAN
Hi,
I have a big "name problem" with my internal mail server (10.0.0.152).
It is "seen" on the internet through DNAT (213.58.230.27). Also there is a
MX record pointing to the machine. Everything works fine from the outside.
However I can't set the mail clients on the lan pointing to the mx record,
because this one points to 213.58.230.27 and the firewall
2005 Oct 12
2
Ip route cache problem
Hello,
I need some help about a routing problem on a complex configuration.
The problem is that I can't reach from services outside from my DMZ.
The scenario is a gateway linked to three internet connections, so that
I used three distinct iproute2 tables for routing. The gw is running
ipvs for balancing over the dmz's servers.
DMZ servers are on 192.168.1.0/24 network, .
2012 Oct 03
1
IPv4 routed virtual networks
OK, either I have taken a stupid pill and am missing something basic or
routed network do not work.
I assume that, if they did work, it would be in more or less that same
manner as a nat network as far as ping'ing, ssh'ing, etc. to another
real host on the same real LAN as the virtualization host. At least that
is what I believe I should expect.
I have googled for info and everything
2005 Jan 22
3
DNAT, NAT or ProxyARP?
Hello Shorewall gurus, I have a dilemma with a public server. I want to migrate the current public server over to a new machine behind the current server's firewall (shorewall 1.4). I have included a diagram below to help explain the target network I am working toward. I have read the shorewall online documentation and though I have used Shorewall the past 4 years in the current
2006 Jan 25
32
[Bug 429] -j REDIRECT does not appear to work correctly
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=429
------- Additional Comments From laforge@netfilter.org 2006-01-25 11:00 MET -------
Please specifically tell us about the exact kernel version, any patches that you
might have applied, and the iptables version that you're using.
--
Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email
------- You
2004 Aug 02
1
Split Access Routing and SNAT
Hi all,
I got the following configuration:
* NET1: DSL Line with /28 network, let's call it 10.1.0.0/28
* NET2: DSL Line with /28 network, let's call it 10.2.0.0/28
* INTNET: Internal Network with productive servers and workstations,
192.168.1.0/24
Obviously the 10er networks are official networks but censored to
protect my customer.
The routerbox assigns on eth0 all