Displaying 20 results from an estimated 30000 matches similar to: "Twice NAT Possible"
2005 Oct 23
6
configuring DNS
Hello
I have DSL 2000 (2048 kbit/s download and 256 kbit/s upload)
I have ping to fast sites very high:
64 bytes from w2.rc.vip.scd.yahoo.com (66.94.234.13): icmp_seq=3 ttl=50 time=2185 ms
64 bytes from w2.rc.vip.scd.yahoo.com (66.94.234.13): icmp_seq=4 ttl=50 time=1983 ms
64 bytes from w2.rc.vip.scd.yahoo.com (66.94.234.13): icmp_seq=5 ttl=50 time=1826 ms
and I know why. I have 2 interfaces:
2004 Nov 24
6
Route first or NAT?
Hi,
I''m trying to use shorewall for a RAS dialup solution
We have networks we need to connect to with the same ranges internally
(i.e. 2 separate users with a 192.168.0.0/24 range). We connect to these
via a pptp tunnel (or isdn)
The problem we have is that we need to access these networks all the
time, so allocate them a range from our internal range. This will then
be NATed to the
2005 Oct 24
4
Shorewall and GEOIP????
Hello all gurus,
I have a question, and I do not know if it has every been asked. I am
wondering if shorewall has the capablility to use GEOip. I have an
extensive blacklist that keeps growing and growing by the month. I was
wondering if there was any capablility of using GEOip or any plans in the
future.
Thanks
Shorewall Administrator.
2004 Mar 19
6
Anyone want to test NETMAP?
If you are interested in helping with testing new features, please look
at http://shorewall.net/netmap.html. If you have a need for this type of
network-level address mapping and/or are in a position to test it please
let me know.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
2003 Oct 17
5
Question on sNAT for multiple external subnets
I''m wondering if the following is possible under recent versions of
shorewall:
1. We have several class-C networks from both UUNet and Internap, both of
which are actually routed over a single inbound ethernet line from UUNet
at our colocation facility: 204.176.148.0/23 and 216.52.83.0/24. This
gives us a total of 3 class-C subnets. All packets for these three subnets
would land on
2005 Nov 21
8
[Off-topic] Two provider-setup breaks long-running TCP-connections
Sorry for asking this, as I believe it to be a kernel-related rather
than Shorewall-related problem. But some of you guys seem to have a
lot of experience with these kind of things.
I''m setting up a NAT''ing router with two ISP lines.
At first sight, everything works as expected, however when the local
machines try to keep a TCP-connection open for a long time, it
disconnects
2005 Apr 09
12
aMule
Hi!
I don;t know what i am doing wrong because i have still Low ID on aMule. I
have action.AllowaMule and accept tcp 4662:4771 and udp 4672.
Thanks,
Mitja
2003 Jun 20
7
NAT PAT & SNAT
Hi!
I''ve been searching the net for information about this topic, but I can''t
find anything relevant to my problem or I don''t understand the answer
completely. Please enlighten me... :-)
I''m trying to replace a Cisco PIX firewall with a Linux Shorewall box. Today
the users behind the Cisco FW is on a NAT-network and in the same network
there are a couple of
2003 Jan 05
2
Shorewall DMZ - Proxy ARP or Static NAT
Hi All,
>From the documentation I have read on Shorewall, the preferred approach
seems to be, to use Proxy ARP instead of Static NAT for hosting web servers
in the DMZ Zone. But I have also read that this could cause problems for VPN
configurations.
I essentially have multiple public IP''s, which I want to map to private
addresses in the DMZ. I also intend to setup a gateway between 2
2005 Jan 12
6
multicast NAT
I have a standard 3 interface shorewall setup and I want to receive
multicast stuff from ''net'' -> ''loc''. This requires me, first, to do an
IGMP join which involves 192.168.1.x -> 224.0.0.x being NATed out as the
''net'' interface''s IP address. Obviously replies have to be NATed back to
''loc'' addresses.
Can
2005 Oct 31
1
Peerguardian + Shorewall
Hi,
is there a way to use shorewall together with peerguarding? It work but when i
start peerguarding ... connections are only checked against the blacklist :(.
greets puchu
-------------------------------------------------------
This SF.Net email is sponsored by the JBoss Inc.
Get Certified Today * Register for a JBoss Training Course
Free Certification Exam for All Training Attendees
2005 Feb 21
4
Routing changes break NAT (not a shorewall question)
Hi folks,
I know this isn''t a shorewall question, but i''m hoping someone can
point me to the right place to look for answers on this (since, as Tom
suggests, search engines are useless for some things):
Here is my firewall setup:
ADSL1 ADSL2 dialup
\ | /
firewall
|
DMZ
It''s a fairly simple setup. ADSL1 has a static IP, ADSL2 is
2005 Mar 03
20
Network config and troubleshooting wih Ping
Network Configuration issues
I''ve been working on this for 2 days PLEASE HELP!
I am having the following issues with network configuration and I cannot
ping the external interface to begin troubleshooting the network
configuration.
I know that the ISP''s router is configured correctly since I have
attached it to a small Linksys firewall and was able to ping the
66.240.207.226
2004 Nov 19
14
FAQ 32
What changes would I need to make if there is a 4th interface that is going
to a DMZ
Thanks
Gene
2004 Dec 10
9
parallel zone: loc2 is composition of loc1
i have no idea how to definie for a parallel zone the host file if the
second zone (net) should be the composition of the first zone (dmz).
i tried all the following combinations in the interface and host files:
interface:
- eth0 - (variante 1)
- eth0 192.168.0.255,255,255,255,255 (variante 2)
- eth0 192.168.0.255,!192.168.0.255 (variante 3)
2005 Apr 12
8
SMTP / DMZ
Hi Guys,
I have been trying to configure shorewall
1) Internet Access to internal users
2) Have a DMZ that will house atleast 6 mail / web / ftp servers that
will server our existing group companies outside our physical location.
3) Setup openvpn between our location and our group companies .
What i have done so far is :
- Created the 3 zones with the IP ranges as below.
DMZ:172.16.10.x
2005 Apr 08
10
ProxyARP in a Routed environment
Hi,
In a routed network setup , is it possible to use ProxyARP given the condition that the shorewall
external interface and the DMZ interface are in a completely different network . That means the gateway of the External interface and the hosts in ProxyARPed DMZ zones are in different network.
eth0 ---in 220.227.X.Y/30 -- shorewall external interface
eth1 ---in 220.227.A.B/27 -- shorewall
2005 Jan 18
4
DMZ Recommendations
From reading the documentation, I understand that it is recommended to
put servers that may be at risk in a DMZ served via proxy-arp. In this
case, the local clients that are behind a NAT would have their
connections to the DMZ masqueraded, yes?
Is there any way around this that would still be considered secure?
Just looking for advice.
Thanks,
A.
2005 Mar 20
25
Client Behind Router can''t get internet & cannot do fowarding...
i ask here after give up reading and following all the
documentation..
i got 3 nic
eth0:222.222.222.222
netmask:255.255.255.252
gateway:222.222.222.221
eth1:10.10.10.254
netmask:255.255.255.0
gateway:blank
eth2:10.10.11.254
netmask:255.255.255.0
gateway: blank
i''m running redhat9, and shorewall2.2.2
eth0 connected to dsl modem ( static ip )
eth1 connected to d-link router ( for
2007 Dec 10
8
Router A Unable to Connect to Router B on VPN
Hello all,
I''ve recently configured and IPsec VPN between my OpenSUSE 10.2 router
firewall running shorewall 3.4.4 and a friends Draytek Vigro 2930 ADSL
modem/router/firewall. All is good other than my router can''t ping
anything on my friends LAN, however machines on my LAN behind the
firewall can ping machines on my friends firewall without problem.
I''ve updated my