similar to: Read Only DC in one way only

Displaying 20 results from an estimated 20000 matches similar to: "Read Only DC in one way only"

2018 Jun 13
2
Samba 4.8 RODC not working
On Wed, 13 Jun 2018 12:28:23 +0200 (CEST) Gaetan SLONGO <gslongo at it-optics.com> wrote: > Hi Rowland, > > > I have no homes share. As far as I know I should not have that share > on a DC ..? Then don't worry about it, I was just checking if you had one. > > > Regarding the security consideration for a DMZ zone, what do you > suggest instead of putting
2018 Jun 13
2
Samba 4.8 RODC not working
On Wed, 13 Jun 2018 11:33:48 +0200 (CEST) Gaetan SLONGO <gslongo at it-optics.com> wrote: > > > > > Here it is. It talks about homes share but I think we don't care ? > Final error is not explicit to me.. Maybe you? > > > > INFO: Current debug levels: > all: 10 > tdb: 10 > printdrivers: 10 > lanman: 10 > smb: 10 > rpc_parse:
2018 Jan 22
5
RODC and LDAP via Simple Authentication fails
Dear all, setting up a DMZ environment I was thinking to use an RODC there for user authentication. One of the applications in the DMZ needs to access the directory via LDAP. When I tried to connect to the RODC using LDAP with simple bind, I always received the following error ldap_bind: Invalid credentials (49)         additional info: 80090308: LdapErr: DSID-0C0903A9, comment:
2018 Jun 14
1
Samba 4.8 RODC not working
On Thu, 14 Jun 2018 10:23:56 +0200 (CEST) Gaetan SLONGO <gslongo at it-optics.com> wrote: > Hi Rowland, > > > I read the doc. > The reason is the usual one. We need authentication inside the DMZ > zone and do not want any modification from this zone. We also need a > fileserver into this zone where corporate users can log-in. We are > asked to keep the solution
2012 Nov 30
1
samba and RODC
Hi I am trying to setup samba (rhel6/centos 6.2) and I am having some issues. So what I have is Server A (centos 6.2) It exists in my DMZ so very limited access to things. Just mainly DNS and some ports for RODC Server B (W2k8r2) RODC, exists in my insecure vlan, stepping stone into the DMZ (dmz-inside) My Windows box work fine talking to the RODC When I try wbinfo -u it fails. I have opened
2012 Jun 30
1
DMZ Kerberos authentication, is Samba needed or helpful?
I'm dealing with an environment with AD servers in a normal working environment, all working and happy. I'm using bare Kerberos authentication for my Linux hosts to authenticate local accounts against the AD server, all well and good, I've not needed to integrate LDAP support and don't want to. But there are DMZ VLAN's with hosts exposed directly to the Internet. I'd like
2018 Jun 14
0
Samba 4.8 RODC not working
Hi Rowland, I read the doc. The reason is the usual one. We need authentication inside the DMZ zone and do not want any modification from this zone. We also need a fileserver into this zone where corporate users can log-in. We are asked to keep the solution simple, easy to understand and maintain. I can force authentication to this DC instead of choosing the DC "randomly". So, do
2002 Aug 20
5
how to limit connections from certains inet subnet the best way?
Hello all, i am new to shorewall and i already have a question ;) i am running a mailserver in my dmz (or actually this will be when everything will be working fine with shorewall) with public ip addresses.. i have a subnet of 8 ip addresses (255.255.255.248 mask) and i was planning of the classic 3 nic (eth0-2) setup... the dmz should work with proxy-arping... now my question is
2014 Mar 18
2
DNS error on startup Samba4 ADS mode DC
I keep getting errors in my logs about can not bind to address *.*.*.*:53 address in use.. what did i do wrong in the setup of my server or domain? attached logs and smb.conf along with the output from my provision command. Jeffrey D. Means meaje at meanspc.com Owner / CIO for MeansPC http://www.meanspc.com/ Custom Web Development For Your Needs. (970)308-1298 - The
2018 Jan 22
2
RODC and LDAP via Simple Authentication fails
Hi Andrew, I am deeply impressed by your speed! :D The RODC is actually Samba 4.7.4, the other DCs are still on 4.6.12. Any suggestion how I can debug this w/o setting everything on level 10? ;) Best regards Johannes On 22.01.2018 at 20:45, Andrew Bartlett wrote: > On Mon, 2018-01-22 at 20:36 +0100, Johannes Engel via samba wrote: >> Dear all, >> >> setting up a DMZ
2004 May 17
1
Mail Server in the DMZ question
Been trying to puzzle through a firewall layout here involving E-Mail. Would have thought this was a more common kind of scenario, but I haven't been able to Google me up an answer to this one. At present I have an SMTP server (Postfix) in my DMZ that is simply re-routing mail into my secure network. This is a less than optimal setup simply due to having to allow traffic from the DMZ
2003 Oct 22
2
help seeing DMZ from LOC
I have a three interface network (net,loc,dmz). The internet interface (eth0) has a static IP. Windows machine in the local network (eth1) use DHCP to get IPs from the 192.168.10.0/24 netblock. The Debian machine in the DMZ (eth2) gets a fixed IP through DHCP in the 192.168.11.0/24 netblock. The DHCP server is running on the firewall machine (not ideal, I know, but that's the way
2003 Feb 24
5
Bug in Shorewall check?
I made a boo boo in my config and put in this rule #PPTP DNAT net:213.67.241.162/217.209.46.204/32 loc:192.168.221.200 tcp 1723 DNAT net:213.67.241.162/32,217.209.46.204/32 loc:192.168.221.200 47 - And the following happened.. and I wonder why it didn't complain? I am sure I am just misunderstanding some doc
2004 Sep 29
4
Re: start error]
thanks again for your sharp eye and speedy response. i have corrected the typos in the IP in the masq file. I am sorry to have to ask for more help but my pc's on the local network can't reach the dmz webserver using the webserver's local or Public IP address. I need to be able to do this in order to test the split DNS setup for the network. Using ethereal on the
2003 Dec 01
7
Three way ICMP ?
I'm getting 2 or three of these a day...Any ideas ? The 192.168.250.zz is a eth0:3 on a box that currently only has eth0:1 active Dec 1 15:47:40 machine-name kernel: Shorewall:all2all:REJECT:IN= OUT=eth0 SRC=my.real.ip.addr DST=66.228.216.22 LEN=68 TOS=0x00 PREC=0xC0 TTL=255 ID=12031 PROTO=ICMP TYPE=3 CODE=1 [SRC=66.228.216.22 DST=192.168.250.zz LEN=40 TOS=0x00 PREC=0x00 TTL=46
2002 Aug 09
2
Proxy Arp
Hopefully this is an easy question.... I'm using a leaf router (bearing) running shorewall. Three interfaces net, loc, and dmz. Only one computer in the dmz and its being proxy arp'd. External and internal (net and loc) can reach the dmz but the dmz cannot reach the isp's gateway and beyond, but can reach a system adjacent to the firewall.
2004 Oct 08
6
clean install with 3 ip addresses
i am doing a clean install on fedora core 2 using the shorewall rpm and the Shorewall Setup Guide for multiple IP's using a stock configuration except for AllowDNS and AllowWeb on the firewall (so i can post this message). my shorewall status file is attached. my setup 69.17.65.105 = firewall 69.17.65.22 = dmz server 1 69.17.65.161 = dmz server 2 my local network is
2005 Jun 16
1
RE: Setting up a routed DMZ -CLOSED
My sincere apologies to all on this list. After looking for returning packets with tcpdump and not finding ANY I called our provider to confirm our IP assignment. The IP range that I was given by my boss was incorrect. After adjusting the ip assignments, everything is working perfectly. Thank you all for your time in troubleshooting this, and I hope to be able to return the favor at some
2005 Jun 16
5
Setting up a routed DMZ
Hello all, I've read the shorewall guides and browsed through the mailing lists, but I haven't been able to find out if the following is possible or not using shorewall. Our provider has given us 16 IPs + 4 in a separate range for our uplink. I would like to replace that router with a Linux box running shorewall with three interfaces. I want the DMZ to be a standard, routed
2004 Sep 10
1
Is ProxyARP or NAT entries really necessary for DNAT to work?
I have been trying to get DNAT to work and I actually have succeeded too, however, not how I thought it would work when reading through the documentation. 1. No matter what I do I cannot get DNAT to work unless I have an entry in either the nat or the proxyarp file. Is that really how it's supposed to be? I can't find anything about it in the documentation. 2. Also, in the