similar to: Twice NAT Possible

Hello I have DSL 2000 (2048 kbit/s download and 256 kbit/s upload) I have ping to fast sites very high: 64 bytes from w2.rc.vip.scd.yahoo.com (66.94.234.13): icmp_seq=3 ttl=50 time=2185 ms 64 bytes from w2.rc.vip.scd.yahoo.com (66.94.234.13): icmp_seq=4 ttl=50 time=1983 ms 64 bytes from w2.rc.vip.scd.yahoo.com (66.94.234.13): icmp_seq=5 ttl=50 time=1826 ms and I know why. I have 2 interfaces:

Hi, I''m trying to use shorewall for a RAS dialup solution We have networks we need to connect to with the same ranges internally (i.e. 2 separate users with a 192.168.0.0/24 range). We connect to these via a pptp tunnel (or isdn) The problem we have is that we need to access these networks all the time, so allocate them a range from our internal range. This will then be NATed to the

Hello all gurus, I have a question, and I do not know if it has every been asked. I am wondering if shorewall has the capablility to use GEOip. I have an extensive blacklist that keeps growing and growing by the month. I was wondering if there was any capablility of using GEOip or any plans in the future. Thanks Shorewall Administrator.

If you are interested in helping with testing new features, please look at http://shorewall.net/netmap.html. If you have a need for this type of network-level address mapping and/or are in a position to test it please let me know. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net

I''m wondering if the following is possible under recent versions of shorewall: 1. We have several class-C networks from both UUNet and Internap, both of which are actually routed over a single inbound ethernet line from UUNet at our colocation facility: 204.176.148.0/23 and 216.52.83.0/24. This gives us a total of 3 class-C subnets. All packets for these three subnets would land on

Sorry for asking this, as I believe it to be a kernel-related rather than Shorewall-related problem. But some of you guys seem to have a lot of experience with these kind of things. I''m setting up a NAT''ing router with two ISP lines. At first sight, everything works as expected, however when the local machines try to keep a TCP-connection open for a long time, it disconnects

Hi! I don;t know what i am doing wrong because i have still Low ID on aMule. I have action.AllowaMule and accept tcp 4662:4771 and udp 4672. Thanks, Mitja

Hi! I''ve been searching the net for information about this topic, but I can''t find anything relevant to my problem or I don''t understand the answer completely. Please enlighten me... :-) I''m trying to replace a Cisco PIX firewall with a Linux Shorewall box. Today the users behind the Cisco FW is on a NAT-network and in the same network there are a couple of

Hi All, >From the documentation I have read on Shorewall, the preferred approach seems to be, to use Proxy ARP instead of Static NAT for hosting web servers in the DMZ Zone. But I have also read that this could cause problems for VPN configurations. I essentially have multiple public IP''s, which I want to map to private addresses in the DMZ. I also intend to setup a gateway between 2

I have a standard 3 interface shorewall setup and I want to receive multicast stuff from ''net'' -> ''loc''. This requires me, first, to do an IGMP join which involves 192.168.1.x -> 224.0.0.x being NATed out as the ''net'' interface''s IP address. Obviously replies have to be NATed back to ''loc'' addresses. Can

Hi, is there a way to use shorewall together with peerguarding? It work but when i start peerguarding ... connections are only checked against the blacklist :(. greets puchu ------------------------------------------------------- This SF.Net email is sponsored by the JBoss Inc. Get Certified Today * Register for a JBoss Training Course Free Certification Exam for All Training Attendees

Hi folks, I know this isn''t a shorewall question, but i''m hoping someone can point me to the right place to look for answers on this (since, as Tom suggests, search engines are useless for some things): Here is my firewall setup: ADSL1 ADSL2 dialup \ | / firewall | DMZ It''s a fairly simple setup. ADSL1 has a static IP, ADSL2 is

Network Configuration issues I''ve been working on this for 2 days PLEASE HELP! I am having the following issues with network configuration and I cannot ping the external interface to begin troubleshooting the network configuration. I know that the ISP''s router is configured correctly since I have attached it to a small Linksys firewall and was able to ping the 66.240.207.226

What changes would I need to make if there is a 4th interface that is going to a DMZ Thanks Gene

i have no idea how to definie for a parallel zone the host file if the second zone (net) should be the composition of the first zone (dmz). i tried all the following combinations in the interface and host files: interface: - eth0 - (variante 1) - eth0 192.168.0.255,255,255,255,255 (variante 2) - eth0 192.168.0.255,!192.168.0.255 (variante 3)

Hi Guys, I have been trying to configure shorewall 1) Internet Access to internal users 2) Have a DMZ that will house atleast 6 mail / web / ftp servers that will server our existing group companies outside our physical location. 3) Setup openvpn between our location and our group companies . What i have done so far is : - Created the 3 zones with the IP ranges as below. DMZ:172.16.10.x

Hi, In a routed network setup , is it possible to use ProxyARP given the condition that the shorewall external interface and the DMZ interface are in a completely different network . That means the gateway of the External interface and the hosts in ProxyARPed DMZ zones are in different network. eth0 ---in 220.227.X.Y/30 -- shorewall external interface eth1 ---in 220.227.A.B/27 -- shorewall

From reading the documentation, I understand that it is recommended to put servers that may be at risk in a DMZ served via proxy-arp. In this case, the local clients that are behind a NAT would have their connections to the DMZ masqueraded, yes? Is there any way around this that would still be considered secure? Just looking for advice. Thanks, A.

i ask here after give up reading and following all the documentation.. i got 3 nic eth0:222.222.222.222 netmask:255.255.255.252 gateway:222.222.222.221 eth1:10.10.10.254 netmask:255.255.255.0 gateway:blank eth2:10.10.11.254 netmask:255.255.255.0 gateway: blank i''m running redhat9, and shorewall2.2.2 eth0 connected to dsl modem ( static ip ) eth1 connected to d-link router ( for

Hello all, I''ve recently configured and IPsec VPN between my OpenSUSE 10.2 router firewall running shorewall 3.4.4 and a friends Draytek Vigro 2930 ADSL modem/router/firewall. All is good other than my router can''t ping anything on my friends LAN, however machines on my LAN behind the firewall can ping machines on my friends firewall without problem. I''ve updated my