Displaying 20 results from an estimated 4000 matches similar to: "a long hard road"
2004 Nov 16
4
Query re Tom's firewall (see http://www.shorewall.net/myfiles.htm)
On the firewall, what is the rationale for giving eth1 an IP address
that is also assigned to eth0? (Rather than a private one.)
--
Taso Hatzi
caesar 17 <<-salad
cjbx jc vdwwjar jc xi jc jd
salad
2003 Jan 06
1
SMTP problem
Can someone help me with this problem:
My host on the DMZ is inaccessible from the WAN on port 25. I tried to
telnet but getting:
$ telnet 66.58.99.84 25
Trying 66.58.99.84...
telnet: Unable to connect to remote host: No route to host
My shorewall/proxyarp is:
#address interface external haveroute
66.58.99.82 eth1 eth0 No
66.58.99.84 eth1
2012 Apr 16
6
problems with shorewall proxyarp
Hi everybody.
I'm trying to configure shorewall following this manual:
http://www.montanalinux.org/proxmox-ve-with-shorewall.html
But with shorewall check it tells me that:
Checking /etc/shorewall/interfaces...
ERROR: Unknown zone (dmz) : /etc/shorewall/interfaces (line 16)
How can I define it in the zone file?
thanks for the help.
best regards,
Santiago.
2004 Aug 16
3
Not sure how to configure Shorewall 2.1.3
I have an access-IP from my ISP that I configured my eth0 with.
And I also have an IP-range assigned from my ISP that will be used on my servers connected to eth1. The IP-range is routed thru the access-IP.
This is how my configfiles look like. Internal everything seems to work but not external.
/etc/shorewall/proxyarp
#ADDRESS INTERFACE EXTERNAL HAVEROUTE
2002 Aug 12
4
Proxy ARP and RH 7.2
I have tried unsuccessfully to run both Shorewall 1.2.x, 1.3.x with
Proxy ARP on a Red Hat 7.2 machine.
The machine was configured as the external firewall as per the 'belt and
suspenders' layout given at http://www.skippy.net/linux/firewall/
The firewall appeared to function correctly in all functions except
proxy ARP, however I must say I did not test exhaustively.
After
2005 May 30
2
Proxy ARP working from Internet but not from fw and loc
Hello everybody.
I could not find an answer to my problem in the archive. (But that may just
be me :-) )
I have a problem with proxy arp and connection from loc (localnet) and from
the firewall.
Works fine from internet to dmz / proxy arp and vice versa.
I have a feeling the solution is simple, but I'm no guru in Linux routing
etc.
The problem seems to be the routing setup.
loc -
2005 Jun 03
4
New Document for People Helping with Shorewall Support
The Shorewall support page advocates including the output of "shorewall
status" with problem reports that involve some sort of connection
problem. I suspect that the number of people who feel comfortable
analyzing problems through use of this output is small.
To help, I've created http://shorewall.net/AnalyzingShorewallStatus.html
I suspect that the document isn't
2004 Sep 07
11
Public IP issues
I have had Shorewall 2.0.8 up and running for a month or so. Now I need
to change some things around. Currently I am running on a private IP
scheme and Shorewall is setup based on the 3 interface guide. Now I want
to change to a public scheme on my "loc" zone. I have a /24 block of
public IP's. I need my private scheme and public to co-exist so I
currently have is eth1 (local)
2002 Aug 09
2
Proxy Arp
Hopefully this is an easy question....
I'm using a leaf router (bearing) running shorewall. Three interfaces net,
loc, and dmz. Only one computer in the dmz and it's being proxy arp'd.
External and internal (net and loc) can reach the dmz but the dmz cannot
reach the isp's gateway and beyond, but can reach a system adjacent to the
firewall.
2005 Jun 21
5
Q: Routing the Same IP simultaneously on different computers ?
Hi,
I've asked this elsewhere and received hints but no one seems to have a
concrete explanation :-
What I am looking to do is to be able to configure a Linux based router to
be able to share THE SAME SINGLE Public IP address between the linux router
and a
single computer on the lan acting as the DMZ host (NOT normal NAT IP sharing
!).
So basically you have a linux router with two
2005 Feb 11
4
config question for proxyarp hosts?
I've got a serious mess of NAT on our firewall/router systems at the
corporate office which seems to do nothing other than confuse the heck
out of people. What I'd like to do is gradually migrate the hosts on
the various DMZ networks away from private IP addresses and NAT over to
public IP addresses and proxyarp.
What I'm wondering, before I start this, is how do I
2004 Nov 22
10
routed vs non routed
In an effort to move my Dmz from a snapgear router to Linux with shorewall.
Question is I have network 64.42.53.200/29
which makes default gw 64.42.53.201 network 64.42.53.200 broadcast
64.42.53.207
mask 255.255.255.248 and I want to set up shorewall with eth0 64.42.53.202
eth1 local eth2 dmz where dmz will use say 64.42.53.203 for web and email
server.
Where I do not need or should I say use
2011 Aug 02
5
selinux issues
Please see https://bugzilla.redhat.com/show_bug.cgi?id=727648 for more info.
Shorewall executes some bash code like the following:
while read address interface external haveroute; do
qt $IP -4 neigh del proxy $address dev $external
[ -z "${haveroute}${g_noroutes}" ] && qt $IP -4 route del $address/32 dev $interface
2004 Jul 13
0
Shorewall 2.1.1
My new DSL line came complete with a new Modem that is
configured/monitored from a web browser. That inspired me to add a
couple of new features to the masq file which you can find in 2.1.1
(see attached release notes, New Feature 2).
The modem has IP address 192.168.1.1 and is connected to eth0. My local
network is 192.168.1.0/24 and is connected to eth2 which has IP address
2003 Jan 09
19
New on the Web Site
While I'm in temporary retirement, I've decided to spend a little time
experimenting with new things and making some updates to the web site. The
biggest result of this effort to date has been:
http://shorewall.sf.net/Shorewall_Squid_Usage.html
This outlines how to use Squid as a transparent proxy running on the
firewall, in the DMZ or in the local network. In the latter two
2003 Jan 06
5
SMTP traffic gets blocked
Hi,
I am trying to configure the SMTP service on DMZ host. Added the rule:
ACCEPT wan dmz:66.58.99.84 tcp pop3 -
ACCEPT wan dmz:66.58.99.84 tcp 25 -
ACCEPT dmz:66.58.99.84 wan tcp 25 -
ACCEPT dmz:66.58.99.84 wan tcp pop3 -
issued shorewall clear, shorewall restart, but still couldn't telnet to
the mail server
2003 Jan 14
3
Shorewall-1.3.13
Just some stuff that was laying around in CVS:
1. Added 'DNAT-' target.
2. Print policies in 'check' command.
3. Added CLEAR_TC option.
4. Added SHARED_DIR option.
[teastep@wookie Shorewall]$ cat releasenotes.txt
This is a minor release of Shorewall that has a couple of new features.
New features include:
1) A new 'DNAT-' action has been
2004 Jan 31
5
Shorewall 2.0.0 Alpha 1
http://shorewall.net/pub/shorewall/Alpha/shorewall-2.0.0
ftp://shorewall.net/pub/shorewall/Alpha/shorewall-2.0.0
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
2004 Feb 03
0
Shorewall 2.0 and Routing
There have been a number of questions recently about Shorewall 2.0 and
routing. In earlier posts, I said that Shorewall 2.0 would no longer alter
the routing table as part of setting up Proxy ARP.
I have been persuaded to take a different approach.
In Shorewall 2.0.0-Alpha2, the HAVEROUTE column has been restored to the
proxyarp file and a new PERSISTENT column has been added. If the
2005 May 30
13
RE: Proxy ARP working from Internet but not from fw and loc
Hi Alex, and thanks for your time.
Probably not.
The servers are only configured like they were when they were parallel to
the fw.
Just the default gateway, same as for the external interface on the fw.
That's what the documentation instructed to configure the servers using arp.
But is it required with extra configuration on the server connected via
proxy arp?
Or is it some parameter