Displaying 20 results from an estimated 10000 matches similar to: "RE: Setting up a routed DMZ -CLOSED"
2005 Jun 16
5
Setting up a routed DMZ
Hello all,
I''ve read the shorewall guides and browsed through the mailing
lists, but I haven''t been able to find out if the following is possible
or not using shorewall.
Our provider has given us 16 IPs + 4 in a separate range for our uplink.
I would like to replace that router with a Linux box running shorewall
with three interfaces. I want the DMZ to be a standard, routed
2004 Nov 01
2
dmz setup
I am trying to add a machine into my dmz. It is the first machine I''ve
ever added to this dmz and fro some reason I cannot establish
communication between the dmz and the machine.
Here is an example of my setup:
ISP router --> firewall (eth0)
firewall (eth1) --> local network
firewall (eth2) --> DMZ
eth0 and eth2 have public IP addresses as does the machine I just added
to
2005 Jan 18
4
DMZ Recommendations
From reading the documentation, I understand that it is recommended to
put servers that may be at risk in a DMZ served via proxy-arp. In this
case, the local clients that are behind a NAT would have their
connections to the DMZ masqueraded, yes?
Is there any way around this that would still be considered secure?
Just looking for advice.
Thanks,
A.
2005 Apr 12
8
SMTP / DMZ
Hi Guys,
I have been trying to configure shorewall
1) Internet Access to internal users
2) Have a DMZ that will house atleast 6 mail / web / ftp servers that
will server our existing group companies outside our physical location.
3) Setup openvpn between our location and our group companies .
What i have done so far is :
- Created the 3 zones with the IP ranges as below.
DMZ:172.16.10.x
2003 Jan 13
4
DMZ hosts gateway
Hi everyone,
I have a question regarding the default gateway for hosts on DMZ zone. I moved servers from parallel to the DMZ (outside the firewall, directly connected to I-net) to inside DMZ. The default gw for these servers was the DSL router(bridge) of my ISP.
What should be the default gw (for the hosts inside the DMZ), when hosts are inside the DMZ now - still the DSL router (external
2004 Dec 07
16
Dmz
Hey Tom,
I have successfully set up to servers on a Dmz practice network woohoo
:).
If I take out the proxyarp option in /etc/shorewall/interfaces
Then Dmz can ping outside ip''s on the net but not and of my servers
on network 66.224.62.96/27 (Other than its own gateway server 66.224.62.120)
The reason I ask is to learn. I thought I would not need the proxyarp
option for this to
2004 Aug 22
6
LAN to DMZ zone issues.
Hello all,
Name is Andrew and in desperate need of some info.
Setup:
- Mandrake 9.1 with three interfaces
(eth0 --> WAN) C-class /28 network (with tree virtual addresses which I
am DNAT-ing to the DMZ)
(eth1 --> LAN) A-class 10.0.0.0/8
(eth2 --> DMZ) A-class subnet 10.1.123.0/24
- Running stock Shorewall ver: shorewall-1.3.14-3.1.91mdk
Dilemma:
- LAN can not access the DMZ zone
2003 Jan 13
5
Using private & public addresses together i n the Shorewall''s DMZ zone
To rephrase the question, "Can I use masquerading and proxy ARP in the same
zone simultaneously?" It''s not a stupid question--I couldn''t see any reason
why it wouldn''t work, but I had actually try it out to convince myself that
it did (which isn''t a bad thing to do before posting the question to the
list, by the way). In any case, the answer is
2003 Jan 02
1
mail server in dmz
Hi, in a three interface firewall I have
eth0, loc, 10.1.5.1/16
eth1, int, 200.41.61.228/29
eth2, dmz, 192.168.1.1/24
(un)fortunately I got a group of public ip?s to use, so here is my problem
in the dmz I have 192.168.1.3 redirected from eth1 alias 200.41.61.226 (a web server,
works perfect).
I am trying to set up a mail server also, a different machine, so I can?t use proxyarp, as
with this,
2004 Jul 27
2
icmp traceroute from dmz behind proxy-arp - icmp code 11 ?
hello there,
im running a 3interface inet, dmz, loc. i have some public ip addresses.
one public address is the router of the provider, the second one is the
linux box running shorewall. all other public interfaces are on the dmz
nic with proxy-arp.
now whenever i do a traceroute (the dmz boxes are windows, icmp
traceroute) the very first hop gets timeout/stars, then the router of
the provider
2003 Jan 05
2
Shorewall DMZ - Proxy ARP or Static NAT
Hi All,
>From the documentation I have read on Shorewall, the preferred approach
seems to be, to use Proxy ARP instead of Static NAT for hosting web servers
in the DMZ Zone. But I have also read that this could cause problems for VPN
configurations.
I essentially have multiple public IP''s, which I want to map to private
addresses in the DMZ. I also intend to setup a gateway between 2
2005 Jan 25
9
Ftp Broken in Dmz
I have had a web server listining sql-1433, www 80,
ftp-21 using proxy arp with sub-netting in a three interface DMZ.
All these ports are in the rules file as ACCEPT.
With one exeception that 1433 allows a few host from
the net. 21 and 80 allow all net to dmz connections.
The policy is DMZ to net ACCEPT
This has been working great for about a month or more until I rebooted
the
2004 Nov 22
10
routed vs non routed
In an effert move my Dmz from a snapqear roouter to Linux with shorewall.
Question is I have network 64.42.53.200/29
which makes default gw 64.42.53.201 network 64.42.53.200 broadcast
64.42.53.207
mask 255.255.255.248 and I want to set up shorewall with eth0 64.42.53.202
eth1 local eth2 dmz where dmz will use say 64.42.53.203 for web and email
server.
Where I do not need or should I say use
2005 Jun 18
8
getting my head around DMZ
Hello,
I have been running Shorewall for quite some time at an ISP client of
mine to protect his LAN. We have just upgraded to 2.2.4 and he now wants
to put his servers in a DMZ.
The servers have public IPs in two classes xxx.xxx.79.0 and
xxx.xxx.242.0. The public IP on the router for each class is
xxx.xxx.79.126 and xxx.xxx.242.126.
I am using masq and 192.168.1.0 on eth0 LAN
I have tried
2005 Feb 28
6
Trouble w/ transparent proxy in DMZ (fwmark, tc)
2004 Sep 29
4
Re: start error]
thanks again for your sharp eye and speedy response. i have corrected the typos in the IP in the masq file. I am sorry to have to ask for more help but my pc''s on the local network can''t reach the dmz webserver using the webserver''s local or Public IP address. I need to be able to do this in order to test the split DNS setup for the network. Using ethereal on the
2005 May 06
1
NAT and DMZ
Hi,
I have this case:
My Shorewall is a internet gateway:
(fw) eth0 -> 200.209.100.0/30
(loc) eth1 -> 192.168.0.0/24
(dmz) eth2 -> 200.209.100.8/30
In the DMZ, I have another linux, with a web server too.
eth0 -> 200.209.100.10/30 - running Apache at port 1700
eth1 -> 192.168.0.0/24
My problem is:
I need to make a NAT, from my local
2002 Aug 09
2
Proxy Arp
Hopefully this is an easy question....
I''m using a leaf router (bearing) running shorewall. Three interfaces net,
loc, and dmz. Only one computer in the dmz and its being proxy arp''d.
External and internal (net and loc) can reach the dmz but the dmz cannot
reach the isp''s gateway and beyond, but can reach a system adjacent to the
firewall.
2005 Apr 08
10
ProxyARP in a Routed environment
Hi,
In a routed network setup , is it possible to use ProxyARP given the condition that the shorewall
external interface and the DMZ interface are in a completely different network . That means the gateway of the External interface and the hosts in ProxyARPed DMZ zones are in different network.
eth0 ---in 220.227.X.Y/30 -- shorewall external interface
eth1 ---in 220.227.A.B/27 -- shorewall
2002 Jun 07
4
Proxy ARP - Pros & Cons
In a previous thread, Tom listed advantages (reproduced below) of Proxy
ARP over NAT. They are great reasons, but I have one reservation. By
using private addresses with NAT for servers in my DMZ, I can granularly
allow specific traffic, such as to/from the SMTP gateway/relay in the
DMZ, to connect inbound from the DMZ to an internal (LOC) mail server,
and know that it comes only from a