similar to: IP accounting counters on iptables

Hello All, I have a question about setting up the shorewall firewall for squid, I followed the instructions on "Using Shorewall with Squid" --> "Squid Running in the DMZ" section. For some reason I am unable to get the program to work. I am able to have the squid work properly by using squidclient program, but once I setup the firewall to use the redirect I am unable to

Hello, I have this problem: when my mail server on the DMZ starts a connection to the internet it''s ip (213.58.230.26) is "masqueraded" with the firewall ip (213.58.230.50). I wouldn''t mind but there is a one customer who rejects the connection because it makes reverse dns and finds no dns entry for the firewall ip. How can i correct this? Thanks, MSantos shorewall

Hi, Thanks for your reply . I am attaching the files needed by you herewith. The NAT device is called Pronto gateway which has two interfaces , namely eth0 and eth1. ''eth0'' has an ip address of 203.124.152.66 and eth1 has an ip address of 192.168.1.3 . All the client PCs are in 192.168.1.0 network [behind the NAT, the Pronto gateway] and use 192.168.1.3 as the default

(if this post gets line-feed-mangled please read http://www.dl.reneschmidt.de/shorewallxenpost.txt - that''s an unmangled version, thank you) Hello, first I would like to thank the Mr. Eastep and contributors for this great piece of software and superb documentation. I have a SOHO server (Debian testing) that I''m using for several purposes so I''ve set up a Xen

Hi, I have a big "name problem" with my internal mail server (10.0.0.152). It is "seen" on the internet through DNAT (213.58.230.27). Also there is a MX record pointing to the machine. Everything works fine from the outside. However i can''t set the mail clients on the lan pointing to the mx record, because this one points to 213.58.230.27 and the firewall

I must have something configured wrong somewhere. I''ve enabled proxy-arp on my shorewall 2.0.7 firewall. Works fine for what its supposed to do, I can see all the machines through it great. However, whenever its enabled, the network on the DMZ goes screwy. I''ve narrowed it down to this: when proxy arp is enabled for that interface, like such: echo 1 >

Just out of curiosity, I''m running shorewall on a machine that has 4 nic''s and 4 different VPN tunneled subnets. When I want to define a service that is available from any source to a certain destination, instead of making a matrix of all the different combinations possible, is there an easier way? Something like,: ACCEPT any loc tcp ssh Which

Hi, Trying to figure out why I cannot get access to dell.com Their site is up because I can browse using a different firewall. Trying to find out where the logs are located and what log files it would write to if it were to deny browsing to a website. I can see the [UNREPLIED] when using the shorewall status. Was hoping to know what logfile it is writing it to. Thanks in advance, Elmer

Hello, I have a server to which is defined with static nat in Shorewall, and on that server, I''m running a http on a non-standard port (lets say, port 1234). I would like to use on of my free IP addresses, and map port 80 on the public side to port 1234 on the private side (forget about binding my services on a separate IP on the server, if it was feasible, I would have done that).

sorry, i''m confuse where to post my problem.. i was post to shorewall-users, but must read to support.html this''s my problem ----------- i have squid running on DMZ zone and my network using ProxyARP on eth1 and eth2 mylinuxbox slackware 9.2 my network can access to internet normal, but can''t redirect to squid server from firewall. sometimes my network can connect

Hello All, I have a question in regards to iptables in general, I have been getting these log messages for a while now, and I am trying to figure out why these are coming in, I know that I am dropping all packets from the net 2 dmz named service. My question is why would I get these all the time, they are from multiple different sites. Are they trying to do something to my host or is this a

I have this rule in place: -------------------------------------- DNAT net dmz:10.0.0.7 tcp 80,443 - 94.23.242.44 -------------------------------------- When I change this policy: -------------------------------------- net dmz DROP -------------------------------------- to: -------------------------------------- net dmz DROP info

Hello, I have a linux system running with 1 nic. (just local LAN) A Fritzbox is the DSL router, because of services of the Fritzbox (voip etc) I have to use the Fritzbox as the DSL router. Now I want to use the linux system as a VPN router so other devices on the local lan can use that VPN connection. I have setup shorewall but I cannot get it to work. I have monitored the traffic with

In an attempt to solve some of the dependency issues when building klibc library I started to do a modular build of klibc library. The priciple is simple. build all sub-directories specified with lib-y := dir/ before the final lib.a But reading "man ar" it was not obvious if: ar cp lib.a dir/lib.a dir2/lib.a file1.o file2.o would produce the desired result. The linux kernel uses lr

Hi, Does anyone know who did the prompts for French and Russian for Asterisk? I need some custom prompts. Regards, Dovid -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20160511/ae5eea65/attachment.html>

Hi All, We are using Dovecot in a Director setup with two director proxies, six backend mailstores, mailbox storage in NFS, and user accounts stored in LDAP.?? Currently we have five NFS filesystems on EMC VNX storage which are all mounted on each of the six backend mailstores.?? At the moment all users could be directed to any of the six mailstores.? We have a group of users with very large

Hello, My name is Felipe I succesfuly installed Shorewall 4.4.20.3 in Ubuntu 10.04, This installation is for controlling the access into the local Network, My question is if it is possible to make a conecction WAN to LAN using Terminal Name?? i have been searching in goolge but i didnt find an answer!!!! For example we have IP Public into shorewall with 2 interfaces, and in the LAN we have 3

I've been trying to get my head around using matrices in calls to .C(). As an exercise I wrote some code to calculate the product of two matrices. (Well, it makes it easy to check if one is getting the right answer!) After obtaining some advice from a Certain Very Wise Person at Oxford, (to find out how to deal with array indexing in C functions called from elsewhere) I wrote the following

How about Virtual Network Crossbar or VNX for short. Darren

Hi! hopefully someone can give me a hint with this: I need to create a vm with a point-to-point connection to the host using a /30 subnet. Right now i have this in the vm's xml for libvirt: <interface type="network" name="eth0" onboot="yes"> <source network="default"/> <mac address="02:fd:00:00:01:00"/>