similar to: Complex Routing/Firewalling/Bridging question

Displaying 20 results from an estimated 10000 matches similar to: "Complex Routing/Firewalling/Bridging question"

2007 May 29
1
Tunnelling Puppet over SSH
I work at a large financial institution (AXA) and we have a large number of DMZs for our partner and internet-facing servers. The only access to the various DMZs is via SSH and no DMZ-initiated connections are allowed back to the internal network. I'd consider putting a Puppet server in the DMZ but no communication is allowed between DMZs either. Has anyone tried tunnelling Puppet
2007 Oct 09
1
SpamAssassin and Public Namespace
Hi I know i might get flamed for asking this in the dovecot mailing list instead of the spamassassin one but i thought someone might be kind enough to help anyway. TIA I'm trying to do site-wide spam filtering with a public namespace but it's not reading the folder i have in the public namespace This is the public namespace set in my dovecot.conf #public spam folder namespace public
2010 Aug 05
1
Correct way to use quagga and shorewall
Hi, I've setup quagga on a shorewall firewall server. The only purpose for this is to use BGP to connect to a "peering platform" supplied by our data centre supplier. There are some very large ISP's (and other various providers including google) on this peering platform and connecting to it will speed up access to/from our services and hosted servers. The physical
2007 Sep 03
3
Shorewall + IPSec: help debugging why gw1<->gw2 SA works, but loc<->gw2 traffic doesn't trigger SA
Dear list, I'm running Shorewall on a dedicated Fedora 7 box. Shorewall is working well as an office DSL router (dynamic IP) with loc and dmz zones. I am now trying to configure IPSec to connect a VPS, "casp", with a static IP to both the firewall and to the loc network behind it. The host to host SA works fine. However, pings from "loc" to "casp" can be
2005 Oct 31
2
IProute2 and netfilter interactions
I am trying to build a firewall and from my reading of the list archives and other places, I'm worried about unintended interactions between iptables and iproute2. Here is my situation I have an internal network on eth0 and two separate dmzs on eth1 and eth2 respectively (a wireless network and a kiosk). On the outbound side, I have a cablemodem provider and a dsl provider. What I
2008 Jan 22
10
IPSEC VPN to VPN firewalling problem
Dear Shorewall Users :-) I've been playing with shorewall for some time now - I found it really interesting and easy tool to organise all the rules and so on (before that I've been using simple iptables rules in shell script ;-) Generally it's quite easy to be used, but anyway found one problem which I cannot handle myself - or in other words - cannot find appropriate
2006 Feb 01
5
failover routing
Hi Guys, I would just like to have advice and pointers of the best way would be, Something like BGP or OSPF? I have 2 internet connections at different locations. let say connection A and B 1.) router A has a fast internet connection and a separate interface for clients using /lan/pppoe/ipsec etc and another ethernet interface going to router B 2.) router B has similar setup as router A and
2009 Jun 10
6
Shorewall + IPsec Tunnel
Hi everyone! First of all, sorry about my bad English and the e-mails extension. I need some help to implement a VPN connection using shorewall and openswan as IPSec Tunnel. My network map: CLIENT VPN APPLIANCE --> +++INTERNET+++ --> FIREWALL --> OPENSWAN SERVER (DMZ) I have two VPN connections with two different subnets to the other end. The two of them are correctly established.
2006 Jan 23
0
Help configuring firewall
I am trying to configure a firewall, but nailing down the configuration is eluding me. The box is running Debian stable. Basically, I have a rackmount server with six network cards. eth0 is the internal network, eth1 is a kiosk network, eth2 is a DMZ/wireless network. On the outbound side, eth3 is a DSL connection and eth4 is a cablemodem connection. What I am trying to do is route all internal
2004 Dec 02
8
Ipsec and Proxy arp
I noticed the long standing Ipsec FSwan problem was fixed. But do you still have to make sure Ipsec is not running when shorewall starts Reason I ask Is I could not get my Dmz working with Ipsec in the equation. Thanks Mike
2006 Aug 21
3
Connecting CentOS to IPSEC VPN (Checkpoint FW1)
Hi, Does anyone have experience using IPSEC on CentOS in order to connect to vendor IPSEC-based VPN products (specifically Checkpoint FW1) ? Is the included IPSEC implementation sufficient, or do people have to rely on OpenSWAN or FreeSWAN ? I'd be testing tomorrow and I'm interested with experiences others have had and things to look out for. Thanks in advance, -- dag wieers, dag
2012 Dec 29
10
How could I open Port 1701 for VPN l2tp/ipsec
Hello Mailinglist, please excuse my bad english - but I am not a native speaker. My Network looks like this: Internet --- dyn. IP --- Firewall (shorewall) --- LAN (192.168.X.X) Now I try to connect my iphone (from mobile Internet G3) over VPN (l2tp/ipsec) with the firewall. But I can't open the necessary Port 1701. /var/log/syslog ... Dec 30 00:24:29 router kernel: [226128.293757]
2006 Feb 06
6
(no subject)
We had a running ipsec shorewall system to all of our remote offices. We added a dmz to the firewall and implemented proxy arp for that dmz. We have checked everything two or three times and cannot figure out why the vpns will no longer come up. We are using shorewall version 2.2.3 from the debian stable sarge distribution. We noticed the errata that for 2.0.0 there was a problem with proxy
2004 Dec 30
5
Proxy Arp
Hello Tom, I have successfully configured proxy arp subnetting on my network with three hosts in a Dmz. And it works great. (using proxyarp in interfaces) I also tried this on network below same trouble. However for this network below I have tried to configure one host in a Dmz (using /etc/shorewall/proxyarp) which works and comes up after I set it up and clear Isp's arp
2005 Jun 22
0
RE: Q: Routing the Same IP simultaneously on differentcomputers ?
Hi, First, never compare a linux box with a cheap and dumb broadband router. I'm not sure if i understand very well your scenario but I assume is like this: 192.168.0.1--------- -----------| ipsec | | --------- 128.X.X.X --------- 192.168.0.254 | ISP ----------| linux |------------------| --------- | ---------
2005 Sep 14
1
Routes IPSEc And Asterisk.
2004 Sep 03
7
Shorewall as a "commercial" firewall
I am considering replacing my old checkpoint and watchguard firewalls with a single Linux box using iptables and shorewall. I have two ISP's (with separate routing tables), two DMZ's, at least one VPN to a remote office, and a local trusted network. The configuration will look like: +----------------+ | | net0 ----------+ eth1
2007 Jun 05
3
Multipath routing
Hello! I have trouble with multipath routing. Those options are enabled in kernel: [*] IP: policy routing [*] IP: equal cost multipath [*] IP: equal cost multipath with caching support (EXPERIMENTAL) <*> MULTIPATH: round robin algorithm But issuing: ip r a 1.2.3.0/23 scope global equalize nexthop via 80.245.176.11 \ dev eth0 weight 1 nexthop via 80.245.176.13 dev eth0
2015 Feb 03
2
Another Fedora decision
On Tue, 2015-02-03 at 13:16 +1100, Kahlil Hodgson wrote: > A DMZ in this context is a network that has been isolated from the > rest of your local network. You can access it from your local > network, it can access the rest of the world, but it can't access your > network. The idea is that, if a machine in the DMZ is compromised, it > can only access other machines in the
2002 Feb 14
1
Zebra, Routing ...
Before I start, I don't want to do ECMP or simple bonding ... I have multiple Internet connections available to multiple boxes on one of my networks. Box A connects to ISPs 1, 2 and 3 Box B connects to ISPs 1 and 4 Boxes A and B are both connected to each other and the rest of the network. 1) I would like to set up some dynamic routing in such a way that any given outgoing packet from