similar to: RE: Proxy ARP working from Internet butnotfromfwand loc

Hello everybody. I could not find an answer to my problem in the archive. (But that may just be me :-) ) I have a problem with proxy arp and connection from loc (localnet) and from the firewall. Works fine from internet to dmz / proxy arp and vise versa. I have a feeling the solution is simple, but I''m no guru in Linux routing etc. The problem seems to be the routing setup. loc -

I have been using shorewall and freeswan successfully for 3 or more years now. But they have all been using the Linux 2.4 kernel. My current configuration is (as the title suggests) using SuSE 9.1 which has a 2.6.5 kernel and freeswan 2.0.4 built-in. After much reading and a lot of trial and error, I did get this combination to work with Shorewall 2.0.9. It is happily talking to an older Mandrake

http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 Problems Corrected: 1. The "shorewall check" command results in the (harmless) error message: /usr/share/shorewall/firewall: line 2753: check_dupliate_zones: command not found 2. The

i have no idea how to definie for a parallel zone the host file if the second zone (net) should be the composition of the first zone (dmz). i tried all the following combinations in the interface and host files: interface: - eth0 - (variante 1) - eth0 192.168.0.255,255,255,255,255 (variante 2) - eth0 192.168.0.255,!192.168.0.255 (variante 3)

hi, i have a strange situtation. i try to connect to my machine with ssh and the packets are dropped but i have at the top of my rules an accept. the configuration looks like: rules-file: ----------- ACCEPT net fw tcp 22 - TCPDUMP-log: ------------ 12:16:08.153934 84.153.98.30.1322 > [my-destination-machine].ssh: S 3717288415:3717288415(0) win 64240 <mss

Hi, I''ve a little problem, I hope so.. First a hint, I haven''t a static IP - Adress and so I used a dyndns Provider. In DMZ runs a sftp server. It should accessible from net. My router is forwarding the traffic from port 22 to the machine in DMZ. Now, in basic installation I have rfc1918-dropping configured by net interface. My problem: If rfc1918 dropping is on I

On the firewall, what is the rationale for giving eth1 an IP address that is also assigned eto eth0? (Rather than a private one.) -- Taso Hatzi caesar 17 <<-salad cjbx jc vdwwjar jc xi jc jd salad

Hi There, Due to shortage computer, I need to install Apache to my Shorewall box (192.168.1.1) But the real web server is on another box (192.168.1.2) I tried to put rule: DNAT net loc:192.168.168.1 tcp 80 But everytime www connection coming in, it will hit my shorewall Any solution? Cheer Access Yahoo!7 Mail on your mobile. Anytime. Anywhere. Show me how:

Hi folks, Has anyone tested the changes to multiple ISPs/load balancing or routestopped in 2.4.0-RC1 yet? We need to talk about what criteria we will use for determining whether 2.4.0 is ready for release. I''ve started configuring a firewall at work with the multiple ISPs support, but its kernel doesn''t have connection marking support, so it''s going to be a couple of

It is with regret that I announce that Shorewall development and support is officially ended. Sean''s post has finally driven it home to me that in the long term, trying to support a project like Shorewall is impossible for a person of my personality and age. Sean -- please believe that this isn''t about you or your post -- your post was just the proverbial straw on this old

Hi Guys, I have been trying to configure shorewall 1) Internet Access to internal users 2) Have a DMZ that will house atleast 6 mail / web / ftp servers that will server our existing group companies outside our physical location. 3) Setup openvpn between our location and our group companies . What i have done so far is : - Created the 3 zones with the IP ranges as below. DMZ:172.16.10.x

hi list, oh it''s not really a problem. Each time i fire shorewall, i run a custom iptables script: (for the openvpn machines to have route back from my bridge/fw - $SOURCEIP is the ip of my OpenVPN/Fw/bridge) iptables -A POSTROUTING -t nat -s 10.8.0.0/16 -j SNAT --to-source $SOURCEIP i wish to better integrate it within shorewall, so is there any config files that could achieve the

I would like to place an exchange 5.5 server in my DMZ. Can anyone tell me how I can set this up to allow LAN clients to be able to connect to Exchange and also so I can admin the box from the LAN with Terminal Services? Thank you.

I''ve got a serious mess of NAT on our firewall/router systems at the corporate office which seems to do nothing other than confuse the heck out of people. What I''d like to do is gradually migrate the hosts on the various DMZ networks away from private IP addresses and NAT over to public IP addresses and proxyarp. What I''m wondering, before I start this, is how do I

I have a dsl modem and two static IP addresses: 66.17.65.22 and 66.17.65.161. I am using the standard configuration from the Shorewall Setup Guide for multiple IP addresses and modifications suggested by the Aliased Interfaces Guide. I want to set up a shorewall 2.08 router for my home (Fedora Core 2 / kernel 2.6.8-1.521). I want share an internet connection with some pc''son a local

I''ve had some issues with my network, and I''ve had to reconfigure my Gibraltar CD. It runs shorewall 1.4.8, and I have a 2-interface setup, so I downloaded the relevant files from the install page. Masq and such works, but I''m having a problem with my port forwarding. It works for port 22, but it doesn''t seem to work for any other port. I''ve turned

Hi! First of all, let me say a big "thank you" to Tom for creating shorewall. I''ve been using it for a few months now and it''s such a relief to not have to resort to OpenBSD''s pf (which is so much more sane than Linux'' iptables madness) for the most basic firewalling tasks. I have a question that I didn''t seem to be able to find in the FAQ.

I made a boo boo in my config and put in this rule #PPTP DNAT net:213.67.241.162/217.209.46.204/32 loc:192.168.221.200 tcp 1723 DNAT net:213.67.241.162/32,217.209.46.204/32 loc:192.168.221.200 47 - And the the following happened.. and I wonder why it didn''t complain? I am sure I am just misunderstanding some doc

Hi Guys, Thi sis my first post, sorry for my english, I''m Italian. I desperate try configure home server/router connected over ADSL with dynamic IP. I''ve registered to no-ip and in order to connect externaly to my home server. My system is gentoo based. I''ve just installed different pubblic servers with static IP and shorewall and had no problems, but my own home

Hi! I don;t know what i am doing wrong because i have still Low ID on aMule. I have action.AllowaMule and accept tcp 4662:4771 and udp 4672. Thanks, Mitja