similar to: Multiple public IP / single machine?

Has anyone created a firewall (Linux) router with Shorewall that was on a write protected bootable media, floppy or CDROM? -- This message has been scanned for viruses and dangerous content by Ramblernet''s MailScanner, and is believed to be clean.

I''ve got a small network and have successfully used Shorewall on a single IP (static) and two interface setup for the past three years. The firewall also runs DNS, Apache and Sendmail. I''m planning on moving the web server and mail to a DMZ machine and setting up a three interface configuration. As I sit here thinking ahead, I''m not sure I understand how the mail server

I have a few IP addresses attached to an interface without problems. I also have some chrooted environments attached to these IP addresses. Is there a way to make connections (telnet) from these environments look like they are coming from the aliased IP''s rather than the main IP address? Thanks for any help Kevin.

Hello all, I have shorewall setup with 3 SNAT entries for external IP address''s to a single IP internal address. I am wondering how to limit access based on the source IP address. ex. EXT IP 1 access only to port 25 EXT IP 2 access only to port 443 EXT IP 3 access only to port 80 I have the SNAT setup correctly and I have 3 accept line in the rules file (25,80,443) but I can hit

I am setting to a shorewall system with 4 NIC''s as per the outline specification below. Can anyone please have a look and let me know what I have missed and what I have got wrong as I want to take this system live ASAP but do not want to kill internet access and the hosting for too long ! I have listed below the system outline & have attached the config files that I have changed, if

More than one of our docs issues revolve around some confusion between "IP masquerading" and "SNAT" -- a confusion I might share, or if contagious, I may be catching. <g> I think of SNAT more or less as a special case of IP masquerading, applicable when, for example, the external interface has multiple IP''s and you choose to _explicitly_ set the address through

Hi, I am building a firewall that will have two groups of subnets behind it which I''ll provision via vlans. The upstream provider will be supplying a router with a single interface with two subnets routed into it, one is a private connection to the corporate WAN and the other is a public (Internet) block. One group of subnets behind the firewall will be SNAT''d out through a

I have two feeds, one with a static IP and one with a dynamic IP. How can I configure a Multi-ISP setup with the dynamic IP, or can I? I don''t think the gateway will change, just the interface IP. -- Chris Mason NetConcepts (264) 497-5670 Fax: (264) 497-8463 Int: (305) 704-7249 Fax: (815)301-9759 UK 44.207.183.0271 Cell: 264-235-5670 Yahoo IM: netconcepts_anguilla@yahoo.com --

hi, there was some email problems and i repeat my question too fast, but this is the second part of my questions. - only the rules and policy files give access right? ie. rules in the FORWARD chain of the filter table in iptables ? - is a line in masq file automaticaly add an accept rule too? eg. in msaq file eth0 <internal ip> allow connection from <internal ip> (local zona) to the

Hello ! I am using shorewall , it is okey. Just i like to forbid edonkey as i did for kazaa using ftwall. Thanks. Wahid.

Hi! I''ve been searching the net for information about this topic, but I can''t find anything relevant to my problem or I don''t understand the answer completely. Please enlighten me... :-) I''m trying to replace a Cisco PIX firewall with a Linux Shorewall box. Today the users behind the Cisco FW is on a NAT-network and in the same network there are a couple of

Hi! Can I use the old version shorewall 1.2.12 configure as SNAT and DMZ ? Because Debian Linux came with the default shorewall 1.2.12 . Best Regards, Support

Hi all, I''m using Shorewall since one year (1.4, then 2.0) I''m trying to migrate a linux firewall from iptables rules to shorewall. The firewall has three zones - net internet - loc1 lan - loc2 second lan I have a lot of rules like this, to SNAT the ip addresses of some computers on loc1 (192.168.16.0/24) when they connect to loc2 (10.0.0.0/8) iptables -v -t nat -I

I''m doing more releases of 1.4.* to try to work around the absurd way in which the 2.6 kernel supports ipsec. 1.4.10 will provide a means for excluding multiple destination hosts/subnets from masquerade/SNAT. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net

In the panic of replacing our firewall(s) earlier in the week, we ended up moving our original shorewall 1.4 config onto a machine with 2.0.10 already installed, overwriting all the 2.0.10 config files. Most things seem to work fine, except for our masq entries. I''ve examined the default 2.0.10 files compared with our 1.4 files, and can''t spot the problem. What am I missing?

Hi ! I have setup a complete shorewall now with DMZ, and Private zones and masq, rules, port-forwarding etc. worx like expected. BUT I have a wish to use a couple of more public IP''s and relate those to inernal servers on the DMZ zone and i am now so confused about it. I have searched this archive for SNAT port allow Setup: 3 public adresses on the WAN nic. lets call them 80.80.80.80 -

Hello Shorewall list, I''m a happy Shorewall user since a few years now and everything works fine for me except one thing that I try to implement since a week, the multi-isp. I''ve downloaded the 2.4.0 Stable release yesterday and tried the RC2 since a week. My config is a Debian running a kernel 2.4.27 home made with the CONNMARK.diff patch applied I''m using 2 ISP,

hi list, oh it''s not really a problem. Each time i fire shorewall, i run a custom iptables script: (for the openvpn machines to have route back from my bridge/fw - $SOURCEIP is the ip of my OpenVPN/Fw/bridge) iptables -A POSTROUTING -t nat -s 10.8.0.0/16 -j SNAT --to-source $SOURCEIP i wish to better integrate it within shorewall, so is there any config files that could achieve the

Hi all, I''m tring to convert some manually written iptables rules into a shorewall configuration but I''m facing some issue with mode statistic. In our outgoing smtp we balance the source IP address of outgoing connections originating from the firewall between 4 alias configured on eth0 interface: eth0 inet addr:xxx.xxx.xxx.18 Bcast:xxx.xxx.xxx.255 Mask:255.255.255.0 eth0:1

My telco is moving to feeding me over fiber, breaking out with a media converter to one Ethernet interface. At present, I am retaining the static feed over copper on eth0, and taking the two new feeds via vlans on eth1. I have configured the static IP feed on eth1:790 as vlan 790, and that seems to be fine, and eth1:780 as the PPPOE feed, and brought up PPPOE to give me an IP, that is