similar to: Sanity check - routed public IPs

Ok folks, here goes.. I have been boggling with a problem for the past week, and still haven''t found a solution.. I''m trying to route traffic from two providers through a Linux machine. But that is not the problem. The ISP''s have provided me with a WAN IP class for both of the lines, to be routed into a DMZ where the machines a to respond to their respective

Hello folks.. Does any of you know if it is possible to rewrite the ip src in a packet. I have a problem involving a DMZ with external IP addresses routed trough a single WAN IP. When the server initiates a connection, it looks like it comes from the WAN ip instead of it''s designated External IP routed through the WAN. So in short, Is it possible to rewrite the packet in the router,

Can someone help me with this problem: My host on the DMZ is inaccessible from the WAN on port 25. I tried to telnet but getting: $ telnet 66.58.99.84 25 Trying 66.58.99.84... telnet: Unable to connect to remote host: No route to host My shorewall/proxyarp is: #address interface external haveroute 66.58.99.82 eth1 eth0 No 66.58.99.84 eth1

Hi, I am trying to configure the SMTP service on DMZ host. Added the rule: ACCEPT wan dmz:66.58.99.84 tcp pop3 - ACCEPT wan dmz:66.58.99.84 tcp 25 - ACCEPT dmz:66.58.99.84 wan tcp 25 - ACCEPT dmz:66.58.99.84 wan tcp pop3 - issued shorewall clear, shorewall restart, but still couldn''t telnet to the mail server

hi list, i got a small problem. here is my setup: WAN | | | bridged $FW-------DMZ | | masqueraded | LOCAL my shorewall machine ($FW) got three interfaces: eth0 eth1 eth2 * eth0 is connected to the WAN * eth1 is connected to my DMZ * eth2 is connected to LOCAL network i manage a whole C class (public adresses) in my DMZ, let''s say X.Y.Z.0/24 * my router

While I''m in temporary retirement, I''ve decided spend a little time experimenting with new things and making some updates to the web site. The biggest result of this effort to date has been: http://shorewall.sf.net/Shorewall_Squid_Usage.html This outlines how to use Squid as a transparent proxy running on the firewall, in the DMZ or in the local network. In the latter two

Hi, I''ve asked this elsewhere and received hints but no one seems to have a concrete explanation :- What I am looking to do is to be able to configure a Linux based router to be able to share THE SAME SINGLE Public IP address between the linux router and a single computer on the lan acting as the DMZ host (NOT normal NAT IP sharing !). So basically you have a linux router with two

Is anyone using user sets? I''m considering dropping support for them in 2.0 in favor of just listing individual user/groups in the rules file. Thanks, -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net

Hello all, I''ve read the shorewall guides and browsed through the mailing lists, but I haven''t been able to find out if the following is possible or not using shorewall. Our provider has given us 16 IPs + 4 in a separate range for our uplink. I would like to replace that router with a Linux box running shorewall with three interfaces. I want the DMZ to be a standard, routed

Hello folks, I have a really strange routing problem that no amount of googling and experimenting has been able to solve. Then again, I''m new to Xen and "advanced" networking, so I could be missing something very basic. Summary: an unprivileged domU with PCI frontend for a NIC is used as a router; icmp gets routed, but tcp/ip only partially. I''m using a xen-unstable

Hi all, I''ve a routing problem. I''m setting up a router based on debian (kernel 2.4). I need to setup routing to export an ftp service (ftp server is in dmz) to 2 wan (both). I setup prerouting ad forward rule with no problem. The problem is that reply packet use default gateway (default wan) even though they are enter using the other wan. I solved it marking packets in input

My sincere apologies to all on this list. After looking for returning packets with tcpdump and not finding ANY I called our provider to confirm our IP assignment. The IP range that I was given by my boss was incorrect. After adjusting the ip assignments, everything is working perfectly. Thank you all for your time in troubleshooting this, and I hope to be able to return the favor at some

i am doing a clean install on fedora core 2 using the shorewall rpm and the Shorewall Setup Guide for multiple IP''s using a stock configuration except for AllowDNS and AllowWeb on the firewall (so i can post this message). my shorewall status file is attached. my setup 69.17.65.105 = firewall 69.17.65.22 = dmz server 1 69.17.65.161 = dmz server 2 my local network is

I''m trying to implement simple untagged vlans on our switch and have misconfigured something.. ISP gw is on the default vlan1 (untagged) Router eth1 is setup on the switch with default vlan1 and member of vlan4. eth0 is default vlan4 which connects to the clients that are all default members of vlan4 eth0 is x.x.x.86/28 This is what clients are connecting to as their gw.. (no

Hello We are using old version ( shorewall-3.0.7-1) with Centos 5.3 The shorewall has three zones (net / loc / dmz). Loc can access to internet with no problem and can access to DMZ. DMZ can''t access to internet. Net can''t access to DMZ with NAT. I tried to restart the machine / check Lan card / check cable , they were work find. Is it DMZ Lan card problem? but it can

Hi Guys, Thi sis my first post, sorry for my english, I''m Italian. I desperate try configure home server/router connected over ADSL with dynamic IP. I''ve registered to no-ip and in order to connect externaly to my home server. My system is gentoo based. I''ve just installed different pubblic servers with static IP and shorewall and had no problems, but my own home

Hola, I have a question in regards to ignoring traffic shaping for LAN side that connects to a DMZ IMAP server through the WAN interface. The DMZ and the WAN side are both on a 10/100 switch. Is it possible? Thanks. ~Andrew. OS MDK 9.1 kernel-smp-2.4.21.0.33mdk-1-1mdk HTB; iproute2-2.4.7-7mdk; shorewall-1.4.8-2.2.92mdk

I don''t think this has anything to do with Shorewall but I am not too familiar with iptables stuff yet so I''m not sure. Running Shorewall shorewall-1.4.9 on Mandrake Linux release 9.2 (FiveStar) for i586 Kernel 2.4.22-37mdk. Run "nmap -sP 192.168.x.x/24" (for example), where 192.168.x.x/24 is the LAN. You can do this from a firewall/router, or even from a

pc1(LANa) ----poor connection ----> VPS <--------- PC2(LANb) pc1 and pc2 used to connected directly with tinc, since pc1 used to have WAN IP(pppoe), but the pppoe IP is not WAN IP anymore (ISP changed to let all ADSL user in a LAN). if I let the two pc connect to a VPS with tinc, can later connections between pc1 and pc2 be directly ? for example, ssh from pc1 to pc2 but not proxyed by

Hello all, Name is Andrew and in desperate need of some info. Setup: - Mandrake 9.1 with three interfaces (eth0 --> WAN) C-class /28 network (with tree virtual addresses which I am DNAT-ing to the DMZ) (eth1 --> LAN) A-class 10.0.0.0/8 (eth2 --> DMZ) A-class subnet 10.1.123.0/24 - Running stock Shorewall ver: shorewall-1.3.14-3.1.91mdk Dilemma: - LAN can not access the DMZ zone