similar to: Problems with incoming routing

Hi, First, never compare a linux box with a cheap and dumb broadband router. I''m not sure if i understand very well your scenario but I asume is like this: 192.168.0.1--------- -----------| ipsec | | --------- 128.X.X.X --------- 192.168.0.254 | ISP ----------| linux |------------------| --------- | ---------

Hi, Below is my Linux firewall network configuration: - eth0 - isp 1, IP: 1.1.1.10, Netmask: 255.255.255.252 eth1 - isp 2, IP: 2.2.2.10, Netmask: 255.255.255.252 eth2 - lan, IP: 172.16.0.254, Netmask: 255.255.255.0 eth3 - dmz, 192.168.0.254, Netmask: 255.255.255.0 isp 1 gateway: 1.1.1.9 isp 2 gateway: 2.2.2.9 Below is my iptables rules: - echo 1 > /proc/sys/net/ipv4/ip_forward iptables

I''m being cast headlong into unfamiliar waters here, and being desperate for some air, thought I''d come here for some help. :) Anyway, my employer is going through some whiplash-inducing growth spurts, and as a result, the simple "Internet T-1 -> Linux Firewall/NAT -> LAN" setup just isn''t going to cut it anymore. First, we''re bringing in 2

Howzit guys, I have a question that has been boggling my mind: i have 2 servers( firewalls) 1 server connected to main ISP and another to another ISP( only certain traffic 195.0.0.0/8) Server 1 to main ISP: lan: eth0 192.168.1.0/24 outside: eth1 196.15.203.194/30 gw 196.15.203.193 DMZ: eth3 196.16.202.209/28 (mailservers etc ) private: eth4 10.0.10.2/24 Server 2 to second ISP (

Hello newsgroup, I hope somebody with more routing experience then me can help me with the problem I have. The setup is as described below. A dual internet provider routing, multiple local area networks, and a dmz network with one public and one private ip range. I followed the instructions at lartc.org, and so far everything is working. The default route is via

Hi all, I want to run vsftp behind a firewall.(i.e DMZ zone) . It is runnig as passive ftp. the theroy behind passive ftp is , - FTP server''s port 21 from anywhere (Client initiates connection) - FTP server''s port 21 to ports > 1024 (Server responds to client''s control port) - FTP server''s ports > 1024 from anywhere (Client initiates data

Hi, I have an DNAT ISSUE with PREROUTING. This is my setup. I have 2 firewalls running iptables. Pls asume 1.2.3.4/29 is the internet interace of FIRST firewall. 2.3.4.5/29 is the internet interface of SECOND firewall. it has DMZ zone. in that DMZ zone, mail server runnig @ 192.168.100.3 Now I want to DNAT port 25 of FISRT firewall ( i.e - its ip address - 1.2.3.4/29) to the internet ip

thanks again for your sharp eye and speedy response. i have corrected the typos in the IP in the masq file. I am sorry to have to ask for more help but my pc''s on the local network can''t reach the dmz webserver using the webserver''s local or Public IP address. I need to be able to do this in order to test the split DNS setup for the network. Using ethereal on the

I want to create a network like this: Internet -- physical router -- host (network 192.168.178.x) -- virtual machine dmz -- eth0 (connected to pyshical router) -- eth1 (connect to isolated network 10.0.0.x) -- virtual machine www - eth0 (connect to isolated network 10.0.0.x) [image: network design]

Hi, I''ve got 2 lines from two diffrent ISP''s, one is a leased line and another a DSL line, I route certain ips over the DSL line for faster access and would like email to go over the leased line as it has a static ip and is our sending mailserver ip I would like to send mail to the same ips that is routed over DSL via the leased line, otherwise my server gets blacklisted with

Hi I have 2nic firewall . I had to open some ranges of udp and tcp ports . I faced a problem that although all the ports are open Some functionality was not working . Any body used shorewall with H323 Voip traffic DNATed . Any help is appretiated . Thanks ----- Original Message ----- From: <shorewall-users-request@lists.shorewall.net> To: <shorewall-users@lists.shorewall.net> Sent:

Jens wrote: >I am trying to trace a problem I have in redirecting my mail traffic to a >different ISP. I have set up a whole bunch of logging rules but am still a >bit mystified and could use some clarification.... > >The setup (shortened somewhat for this example): >Cable connection coming into a firewall/router going to a mail server in the >DMZ. >The interface on the

Hi William. Thanks a lot for your help. Im having some trouble recompiling my kernel after a installed the patch. Im running RH 7.3 with kernel 2.4.18-3. The patch I installed is routes-2.4.16-6.diff. I got no errors installing it. I added the multipath support, and recompiled it. The make dep and the make bzImage went fine. I got error during the make modules. These are the errors:

In the last 15 minutes I have had a major firewall running Shorewall display some problems. This machine has been working fine for the better part of a year, no changes made in the last week. This machine has three zones. There is a DNAT running from the net zone and the loc zone to a webserver in the dmz port 80 only. The DNAT from the loc zone seems to not be working correctly. If I make a web

Unless the bridge keeps stateful inspection data and can reply back to the session''s origin, not it route then its fine. The only way I can see this working is either putting the FTP/.. DMZ behind the firewall giving true firewall protection for all services involved, or if you just want to kludge the current solution, you can perform a DNAT/SNAT interface bounce like the following: #

You want multiple IP Addresses for email if you are hosting more than one domain. The reason is, everyone now checks for reverse DNS with email so you need a different public IP Address for each email domain. This way, all the reverse DNS translations will be unique. For apache, you can have multiple websites sharing the same IP Address as long as you don''t do anything with SSL. SSL

Ok, the story is this, I''m running an Unreal Tournament 2004 server. It''s running on a system that has two external NICs that are connected to different ISPs. I would like players to be able to connect to the server from either link. My default gateway goes through NIC1. For traffic through NIC2 to work I simply added an extra routing table and rule. The extra routing table has

Hello! I have a problem. May be here exist anyone who has encountered with the following problem. I have a router which is connected to 2 ISP from external side and one LAN internal interface. The feature is that the one ISP allocates a subnet xxx.xxx.xxx.160/28 for me but I split it into two subnets xxx.xxx.xxx.160/29 and xxx.xxx.xxx.168/29 and assign the latter to the internal interface. Also

Hi folks, I know this isn''t a shorewall question, but i''m hoping someone can point me to the right place to look for answers on this (since, as Tom suggests, search engines are useless for some things): Here is my firewall setup: ADSL1 ADSL2 dialup \ | / firewall | DMZ It''s a fairly simple setup. ADSL1 has a static IP, ADSL2 is

Hello list, I am in the process of switching from IPCOP to Shorewall s the firewall for our small office. I very much like the fact that Shorewall runs on top of the same OS (openSuSE 11.4) that I run on the server and my desktop. Our setup is fairly straightforward. We have 8 static ip addresses from our ISP, which provides a cable modem and a Cisco 800 series router. The ip addresses are