Displaying 20 results from an estimated 11000 matches similar to: "RE: Proxy ARP working from Internet butnotfromfwand loc"
2005 May 30
2
Proxy ARP working from Internet but not from fw and loc
Hello everybody.
I could not find an answer to my problem in the archive. (But that may just
be me :-) )
I have a problem with proxy arp and connection from loc (localnet) and from
the firewall.
Works fine from internet to dmz / proxy arp and vise versa.
I have a feeling the solution is simple, but I''m no guru in Linux routing
etc.
The problem seems to be the routing setup.
loc -
2004 Oct 20
11
Shorewall, Freeswan and SuSE 9.1
I have been using shorewall and freeswan successfully for 3 or more
years now. But they have all been using the Linux 2.4 kernel. My current
configuration is (as the title suggests) using SuSE 9.1 which has a
2.6.5 kernel and freeswan 2.0.4 built-in.
After much reading and a lot of trial and error, I did get this
combination to work with Shorewall 2.0.9. It is happily talking to an
older Mandrake
2004 Nov 02
3
Shorewall 2.2.0 Beta 2
http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2
ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2
Problems Corrected:
1. The "shorewall check" command results in the (harmless) error
message:
/usr/share/shorewall/firewall: line 2753:
check_dupliate_zones: command not found
2. The
2004 Dec 10
9
parallel zone: loc2 is composition of loc1
i have no idea how to definie for a parallel zone the host file if the
second zone (net) should be the composition of the first zone (dmz).
i tried all the following combinations in the interface and host files:
interface:
- eth0 - (variante 1)
- eth0 192.168.0.255,255,255,255,255 (variante 2)
- eth0 192.168.0.255,!192.168.0.255 (variante 3)
2005 Mar 04
9
strange behaviour with rulesets
hi,
i have a strange situtation. i try to connect to my machine with ssh and
the packets are dropped but i have at the top of my rules an accept.
the configuration looks like:
rules-file:
-----------
ACCEPT net fw tcp 22 -
TCPDUMP-log:
------------
12:16:08.153934 84.153.98.30.1322 > [my-destination-machine].ssh: S
3717288415:3717288415(0) win 64240 <mss
2004 Nov 09
9
Dyndns
Hi,
I''ve a little problem, I hope so..
First a hint, I haven''t a static IP - Adress and so I used a dyndns
Provider.
In DMZ runs a sftp server. It should accessible from net. My router is
forwarding the traffic from port 22 to the machine in DMZ. Now, in
basic installation I have rfc1918-dropping configured by net
interface.
My problem:
If rfc1918 dropping is on I
2004 Nov 16
4
Query re Tom''s firewall (see http://www.shorewall.net/myfiles.htm)
On the firewall, what is the rationale for giving eth1 an IP address
that is also assigned eto eth0? (Rather than a private one.)
--
Taso Hatzi
caesar 17 <<-salad
cjbx jc vdwwjar jc xi jc jd
salad
2009 Jun 18
9
Redirect port 80 away from Shorewall?
Hi There,
Due to shortage computer, I need to install Apache to my Shorewall box (192.168.1.1)
But the real web server is on another box (192.168.1.2)
I tried to put rule:
DNAT net loc:192.168.168.1 tcp 80
But everytime www connection coming in, it will hit my shorewall
Any solution?
Cheer
Access Yahoo!7 Mail on your mobile. Anytime. Anywhere.
Show me how:
2005 May 29
17
Plans for 2.4.0
Hi folks,
Has anyone tested the changes to multiple ISPs/load balancing or
routestopped in 2.4.0-RC1 yet? We need to talk about what criteria we
will use for determining whether 2.4.0 is ready for release.
I''ve started configuring a firewall at work with the multiple ISPs
support, but its kernel doesn''t have connection marking support, so it''s
going to be a couple of
2005 May 18
102
I quit.
It is with regret that I announce that Shorewall development and support is
officially ended.
Sean''s post has finally driven it home to me that in the long term, trying
to support a project like Shorewall is impossible for a person of my
personality and age.
Sean -- please believe that this isn''t about you or your post -- your post
was just the proverbial straw on this old
2005 Apr 12
8
SMTP / DMZ
Hi Guys,
I have been trying to configure shorewall
1) Internet Access to internal users
2) Have a DMZ that will house atleast 6 mail / web / ftp servers that
will server our existing group companies outside our physical location.
3) Setup openvpn between our location and our group companies .
What i have done so far is :
- Created the 3 zones with the IP ranges as below.
DMZ:172.16.10.x
2005 May 21
10
pb with iptables snat script
hi list,
oh it''s not really a problem.
Each time i fire shorewall, i run a custom iptables script:
(for the openvpn machines to have route back from my bridge/fw -
$SOURCEIP is the ip of my OpenVPN/Fw/bridge)
iptables -A POSTROUTING -t nat -s 10.8.0.0/16 -j SNAT --to-source
$SOURCEIP
i wish to better integrate it within shorewall, so is there any config
files that could achieve the
2003 Feb 25
11
Exchange Server in DMZ
I would like to place an exchange 5.5 server in my DMZ.
Can anyone tell me how I can set this up to allow LAN clients to be able to
connect to Exchange and also so I can admin the box from the LAN with
Terminal Services?
Thank you.
2005 Feb 11
4
config question for proxyarp hosts?
I''ve got a serious mess of NAT on our firewall/router systems at the
corporate office which seems to do nothing other than confuse the heck
out of people. What I''d like to do is gradually migrate the hosts on
the various DMZ networks away from private IP addresses and NAT over to
public IP addresses and proxyarp.
What I''m wondering, before I start this, is how do I
2004 Sep 14
1
start error "invalid interface" on shorewall 2.08
I have a dsl modem and two static IP addresses: 66.17.65.22
and 66.17.65.161. I am using the standard configuration from
the Shorewall Setup Guide for multiple IP addresses and
modifications suggested by the Aliased Interfaces Guide.
I want to set up a shorewall 2.08 router for my home (Fedora
Core 2 / kernel 2.6.8-1.521). I want share an internet connection with some pc''son a local
2004 Sep 22
3
Strange DNAT problems with shorewall 1.4.8
I''ve had some issues with my network, and I''ve had to reconfigure my
Gibraltar CD. It runs shorewall 1.4.8, and I have a 2-interface setup, so
I downloaded the relevant files from the install page.
Masq and such works, but I''m having a problem with my port forwarding. It
works for port 22, but it doesn''t seem to work for any other port.
I''ve turned
2005 May 31
2
DNAT "without" SNAT?
Hi!
First of all, let me say a big "thank you" to Tom for creating
shorewall. I''ve been using it for a few months now and it''s such a
relief to not have to resort to OpenBSD''s pf (which is so much more sane
than Linux'' iptables madness) for the most basic firewalling tasks.
I have a question that I didn''t seem to be able to find in the FAQ.
2003 Feb 24
5
Bug in Shorewall check?
I made a boo boo in my config and put in this rule
#PPTP
DNAT net:213.67.241.162/217.209.46.204/32
loc:192.168.221.200 tcp 1723
DNAT net:213.67.241.162/32,217.209.46.204/32
loc:192.168.221.200 47 -
And the the following happened.. and I wonder why it didn''t complain? I
am sure I am just misunderstanding some doc
2005 May 28
4
ADSL Network
Hi Guys,
Thi sis my first post, sorry for my english, I''m Italian.
I desperate try configure home server/router connected over ADSL with
dynamic IP.
I''ve registered to no-ip and in order to connect externaly to my home
server. My system is gentoo based.
I''ve just installed different pubblic servers with static IP and
shorewall and had no problems, but my own home
2005 Apr 09
12
aMule
Hi!
I don;t know what i am doing wrong because i have still Low ID on aMule. I
have action.AllowaMule and accept tcp 4662:4771 and udp 4672.
Thanks,
Mitja