Displaying 20 results from an estimated 20000 matches similar to: "Running SMB protocol on a web server - Secure or not?"
2024 Dec 13
1
RODC in DMZ
Der Rowland,
We share that concerns actually and of course if there is a way to avoid
it, it is always better. Another fellow suggested us an LDAP-Proxy
instead (personally have never setup one). What we actually need in our
case scenario, is only that service and not the rest of bells and
whistles of an RODC.
I just was wondering if someone had experience with what happens if one
does
2024 Dec 13
1
RODC in DMZ
On Fri, 13 Dec 2024 10:14:27 +0100
Ilias Chasapakis forumZFD via samba <samba at lists.samba.org> wrote:
> Dear all,
>
> We (me and colleagues) were considering setting an RODC in our DMZ
> for some authentication related questions.
>
> We were curious about any suggested best practices for those cases.
>
> We also notice that there are quite a lot of ports to
2013 Aug 08
2
Cisco DPC3825 - Web Server
Friends I have the following Cisco DPC3825. Enter the settings and put in
the DMZ web server that I have, but when I try to access it from another
network I get the error code 504, which is the gateway problem. I can
access the server via ssh without problems. Research on google for 3 days
and can not find the solution to my problem.
This router is different compared to the ones I had.
The IP to
2008 Aug 14
1
[OT] VPN/DMZ best practices
There is such a wealth of knowledge and personal experience on this list
that I'd like to get your opinions on our current situation.
Currently, we have a simple tri-homed firewall with the internal network
on one interface, the dmz on another, and the dirty internet on the
last. Also, there is a spare interface on the box which is unused. We
use CentOS and manually maintain our rule sets
2015 Feb 03
2
Another Fedora decision
On Tue, 2015-02-03 at 13:16 +1100, Kahlil Hodgson wrote:
> A DMZ in this context is a network that has been isolated from the
> rest of your local network. You can access it from your local
> network, it can access the rest of the world, but it can't access your
> network. The idea is that, if a machine in the DMZ is compromised, it
> can only access other machines in the
2012 Mar 07
1
routing problem with domU bridged to two networks
As I received no response on the general CentOS list, I'll repost it
here as the question is about Xen virtual machine routing.
This is my network setup:
http://pastebin.com/kyWpTQYU
Lets assume my dom0's eth2 public ip is 1.2.3.33 and my dmz network
11.22.33.96/255.255.255.224 . I have created NAT from my LAN with
iptables. You can see my /etc/sysconfig/iptables here:
2010 Aug 09
2
Setting up webmail in DMZ
I have a Smoothwall server on my network and am running three network
interfaces off it.
1) local LAN 192.168.0.0 with PCs and an internal dovecot server on
192.168.0.154.
2) internet interface
3) DMZ 192.168.2.0 which has a linux web server 192.168.2.1 on which I
want to install a webmail so I can access my email remotely.
Originally 192.168.2.1 couldn't see the 192.168.0.0 network but with
2007 Sep 25
7
DNAT PREROUTING issue with IPTABLES
Hi,
I have an DNAT ISSUE with PREROUTING.
This is my setup.
I have 2 firewalls running iptables.
Pls asume 1.2.3.4/29 is the internet interace of FIRST firewall.
2.3.4.5/29 is the internet interface of SECOND firewall. it has DMZ zone. in
that DMZ zone, mail server runnig @ 192.168.100.3
Now I want to DNAT port 25 of FISRT firewall ( i.e - its ip address -
1.2.3.4/29) to the internet ip
2003 Oct 22
2
help seeing DMZ from LOC
I have a three interface network (net,loc,dmz).
The internet interface (eth0) has a static IP.
Windows machine in the local network (eth1) use DHCP to get IPs from
the 192.168.10.0/24 netblock.
The Debian machine in the DMZ (eth2) gets a fixed IP through DHCP in
the 192.168.11.0/24 netblock.
The DHCP server is running on the firewall machine (not ideal, I know,
but that''s the way
2003 Feb 24
5
Bug in Shorewall check?
I made a boo boo in my config and put in this rule
#PPTP
DNAT net:213.67.241.162/217.209.46.204/32
loc:192.168.221.200 tcp 1723
DNAT net:213.67.241.162/32,217.209.46.204/32
loc:192.168.221.200 47 -
And the the following happened.. and I wonder why it didn''t complain? I
am sure I am just misunderstanding some doc
2004 Sep 29
4
Re: start error]
thanks again for your sharp eye and speedy response. i have corrected the typos in the IP in the masq file. I am sorry to have to ask for more help but my pc''s on the local network can''t reach the dmz webserver using the webserver''s local or Public IP address. I need to be able to do this in order to test the split DNS setup for the network. Using ethereal on the
2002 Aug 09
2
Proxy Arp
Hopefully this is an easy question....
I''m using a leaf router (bearing) running shorewall. Three interfaces net,
loc, and dmz. Only one computer in the dmz and its being proxy arp''d.
External and internal (net and loc) can reach the dmz but the dmz cannot
reach the isp''s gateway and beyond, but can reach a system adjacent to the
firewall.
2003 Jan 14
1
Two web servers on DMZ zone with private ad dresses. How to?
That log message looks like someone (or some program) is trying to browse to
moreover.com from your web server machine--it''s not a reply to an external
request. You''d see messages like that if you were running some sort of HTTP
proxy server (like Squid) on that box (although they''d likely be to multiple
IPs, unless your users only browsed to p.moreover.com). It could
2004 Oct 08
6
clean install with 3 ip addresses
i am doing a clean install on fedora
core 2 using the shorewall rpm and the
Shorewall Setup Guide for multiple
IP''s using a stock configuration except
for AllowDNS and AllowWeb on the
firewall (so i can post this message).
my shorewall status file is attached.
my setup
69.17.65.105 = firewall
69.17.65.22 = dmz server 1
69.17.65.161 = dmz server 2
my local network is
2005 Jun 16
1
RE: Setting up a routed DMZ -CLOSED
My sincere apologies to all on this list. After looking for returning
packets with tcpdump and not finding ANY I called our provider to
confirm our IP assignment. The IP range that I was given by my boss was
incorrect. After adjusting the ip assignments, everything is working
perfectly. Thank you all for your time in troubleshooting this, and I
hope to be able to return the favor at some
2005 Jun 16
5
Setting up a routed DMZ
Hello all,
I''ve read the shorewall guides and browsed through the mailing
lists, but I haven''t been able to find out if the following is possible
or not using shorewall.
Our provider has given us 16 IPs + 4 in a separate range for our uplink.
I would like to replace that router with a Linux box running shorewall
with three interfaces. I want the DMZ to be a standard, routed
2004 Sep 10
1
Is ProxyARP or NAT entries really neccesary for DNAT to work?
I have been trying to get DNAT to work and I actually have succeeded
too, however, not how I thought it would work when reading through the
documentation.
1. No matter what I do I cannot get DNAT to work unless I have an entry
in eiter the nat or the proxyarp file. Is that really how it''s supposed
to be? I can''t find anything about it in the documentation.
2. Also, in the
2004 Oct 13
4
Connection tracking on non-masqueraded interfaces.
I don''t think this has anything to do with Shorewall but I am not too
familiar with iptables stuff yet so I''m not sure.
Running Shorewall shorewall-1.4.9 on Mandrake Linux release 9.2 (FiveStar)
for i586 Kernel 2.4.22-37mdk.
Run "nmap -sP 192.168.x.x/24" (for example), where 192.168.x.x/24 is the LAN.
You can do this from a firewall/router, or even from a
2004 Aug 16
3
Not sure how to configure Shorewall 2.1.3
I have an access-IProm my isp that I configured my eth0 with.
And I also have an IP-range assigned from my ISP that will be used on my servers connected to eth1. The IP-range is routed thru the access-IP.
This is how my configfiles look like. Internal everything seems to work but not external.
/etc/shorewall/proxyarp
#ADDRESS INTERFACE EXTERNAL HAVEROUTE
2012 Jan 11
3
Unable to allocate dma memory for extra SGL
Hi all;
We have a Solaris 10 U9 x86 instance running on Silicon Mechanics /
SuperMicro hardware.
Occasionally under high load (ZFS scrub for example), the box becomes
non-responsive (it continues to respond to ping but nothing else works
-- not even the local console). Our only solution is to hard reset
after which everything comes up normally.
Logs are showing the following:
Jan 8