similar to: Ping Requests issue

Hi, In a routed network environment, without the router , we want to use the shorewall as the firewall/router. The ISP has assigned the following set of IP addresses. WAN IP for subnet 1 (DATA) 220.227.202.X/30 ( to be assigned to eth0 of the shorewall) WAN IP for subnet 2 (Voice) 220.227.202.Y/30 ( to be assigned to eth1 of the shorewall) Addresses assigned for Subnet 1 by

Tom, Is not this query worth answering? -Siva -----Original Message----- From: Sivamurugu K. Pillai Sent: Friday, April 08, 2005 3:14 PM To: ''Mailing List for Shorewall Users'' Subject: ProxyARP in a Routed environment Hi, In a routed network setup , is it possible to use ProxyARP given the condition that the shorewall external interface and the DMZ interface are in a

Hi, In a routed network setup , is it possible to use ProxyARP given the condition that the shorewall external interface and the DMZ interface are in a completely different network . That means the gateway of the External interface and the hosts in ProxyARPed DMZ zones are in different network. eth0 ---in 220.227.X.Y/30 -- shorewall external interface eth1 ---in 220.227.A.B/27 -- shorewall

I am considering replacing my old checkpoint and watchguard firewalls witha single Linux box using iptables and shorewall. I have two ISP''s (with separate routing tables), two DMZ''s, at least one VPN to a remote office, and a local trusted network. The configuration will look like: +----------------+ | | net0 ----------+ eth1

Hi , I have a dude. I have four nic. Lan, wan, dmz1 and dmz2. I use proxy arp for dmz1 and work great. But in dmz2 have 2 machine with heartbeat. IP are type 192.168.x.x If use nat work fine from wan to dmz2, but from lan ?? how to access valid ip ?? Sorry for my bad english :)

I''m having another little problem with my new firewall. I want outgoing port 25 from my mail server to appear on the address 65.223.121.227 so I created the file masq: eth2 192.168.124.18 65.223.121.227 tcp 25 eth1 eth5 eth1 eth3 eth1 eth4 eth1 == net0 == 209.189.103.196/27 eth2 == net1 == 65.223.121.237/28 eth3 == dmz0 eth4 == dmz1 eth5 == loc ==

Hi, Thanks for your reply . I am attaching the files needed by you herewith. The NAT device is called Pronto gateway which has two interfaces , namely eth0 and eth1. ''eth0'' has an ip address of 203.124.152.66 and eth1 has an ip address of 192.168.1.3 . All the client PCs are in 192.168.1.0 network [behind the NAT, the Pronto gateway] and use 192.168.1.3 as the default

I would like to add a rule allowing only the address 192.168.150.20 and the range of addresses from 192.169.150.100 to 192.168.150.150 in zone dmz0 to connect to two terminal servers in the local zone. Is there a syntax that can specify a range of addresses in the rules file? Do I have to enter each one separately? -- Stephen Carville Unix and Network Adminstrator DPSI 6033 W.Century Blvd.

Network Configuration issues I''ve been working on this for 2 days PLEASE HELP! I am having the following issues with network configuration and I cannot ping the external interface to begin troubleshooting the network configuration. I know that the ISP''s router is configured correctly since I have attached it to a small Linksys firewall and was able to ping the 66.240.207.226

Sorry for the frantic nature of this message, but we need to allow pings on our firewall so our ISP can test things. I''ve done this, and it still doesn''t work: (I am now at v.2.0.10) rules: AllowPing net fw AllowPing sls fw show indicates some matches, so where are they? Chain AllowPing (4 references) pkts bytes target prot opt in out source

I did some looking on the mailing list archives and can''t seem to find exactly what I need, I''m also having troubles figuring this out on my own, so if anyone has any advice, tips, whatever, that would be great. I''ve got a machine with 3 network cards in it, one for a DMZ (with 3 machines on a switch each with a real IP address), one for the local network on a

Hi All, We have a single Centos 5.11 server running a xen hypervisor that went down hard after an extended power outage this weekend. I'm mostly familiar for KVM as that is the majority of what our guests run under and have tried getting up to speed on xen bridging to no avail. The problem is that after the xen server spun back up, the previously defined xen bridges were lost. I've

I''m noticing some weirdness in my ulog files with version 2.0.10. Here is a portion of the log: Jan 7 11:01:37 rancor Shorewall:loc2fw:AllowWOL: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:95:b2:11:4c:08:00 SRC=192.168.0.100 DST=192.168.0.255 LEN=97 TOS=00 PREC=0x00 TTL=64 ID=44155 CE PROTO=UDP SPT=631 DPT=631 LEN=77 Jan 7 11:01:39 rancor Shorewall:loc2fw:AllowWOL: IN=eth1 OUT=

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dear all, I''m a bit confused on the rules and would like your help. I''ve 4 NIC, eth0 --> WAN (net) eth1 --> OSPF1 (bb1) eth2 --> OSPF2 (bb2) I would like to enable all the icmp function (ping and traceroute) Wonder what effect will the following policy make. bb0 all ACCEPT info bb1

I have allowed ALL of the local users to ping the internet but they currently get the following error and cannot access the internet ! I know it is something I have done wrong (I think it is a routing problem but just cannot find out what) The error is:- Reply from 212.219.13.74: destination host unreachable. My eth1 is 10.0.0.1 and the users can ping that OK My eth0 is 212.219.13.74 (connected

Hi There. I am in the process of "upgrading" my Xen 2.0.7 server with a Xen 3.0.2, though I am doing so on a different machine. My firewall will be running as a DomU, asit also does on the existing server. The new server is Ubuntu 6.06 and the existing server is Debian Sarge. On the existing server, I have the WAN interface hidden from Dom0 with the two other physical interfaces

I am getting the following message when Shorewall stops can anybody shed any light on this message and where I should be looking? Thanks root@bobshost:~# shorewall stop Loading /usr/share/shorewall/functions... Processing /etc/shorewall/params ... Processing /etc/shorewall/shorewall.conf... Loading Modules... Stopping Shorewall...Processing /etc/shorewall/stop ... IP Forwarding Enabled

I''m getting my zones confused. Help. I need to have a bunch of systems using OpenVPN to gain an IP in the virtual subnet 10.100.1.0/24, on interface tun0. I will then route whole subnets to those IPs, like 10.100.2.0/24 via 10.100.1.12, etc. I want to have a policy for: - all hosts behind tun0 - all hosts in 10.100.1.0/24 - individual subnets being routed through IPs in

Hello, I am stumped on a problem I am having with Shorewall 2.0.1 on Mandrake 10. My setup is as follows. I have a /28 and have assiigned all ip addresses to my firewall using aliases. I am able to setup rules to allow specific traffic to specfic ip addresses on the firewall like so: ACCEPT net:w.x.y.z $FW:w.x.y.z tcp 22 This works great for TCP and UDP traffic. I can

Hiya, My two cents here .. I use a locked down Linux Sendmail relay (use sendmail null-client feature on any spare old server or PC) in my DMZ to relay Mail to the exchange server in my local zone. Its sort of the moat you have to cross over to get at the castle walls and the hot oil dumped on your head approach. Francesca C. Smith Lady Linux Internet Services 1801 Bolton Street # 1 Baltimore,