similar to: Fesablity of NAT''ing?

I am looking at terminating a OpenVPN tunnel on my shorewall box, but selectivly forward incoming traffic from the VPN tunnel to various hosts on my LOC-zone. Is this doable? Or need I set up OpenVPN tunnels that terminates on the LOC-hosts in question directly? (Or rather: Which page on the web site have I neglected to read _this_ time?) Happy new year to one and all! .

Hi, after kernel upgrade to 2.4.23 my existing configuration of shorewal 1.4.8 will not start / it fail on DNAT and/or masq with message: "iptables: Invalid argument" / I founded some similar problems description - see links bellow, but there is no solution how to get work shorewall with DNAT and masq with 2.4.23 kernel. http://www.ussg.iu.edu/hypermail/linux/kernel/0312.0/0268.html

Hi list, This is my first post there. CONTEXT : -------------- I have a little lan behind a shorewalled box (internet) -- NET_IP [gateway] LOC-IP -- (lan X.Y.0.0) internet -> net zone connected to the gateway via a ppp interface lan -> loc zone connected to the gateway via eth1 NET_IP and LOC_IP are defined in shorewall params file GOAL : --------- i want to forward http and

I have a NetGear FV318 living in my DMZ, with one of its LAN-ports living in my LOC zone. What rules are needed in shorewall to allow a certain subnet to make connections to this device from the net zone? Do I define it as a tunnel in shorewall/tunnels, or do I just allow some selected traffic to the DMZ IP? I am not sure which of the docs are right for me in this case?

Hello, 1) Thanks - shorewall save me a lot of time! 2) I try - exactly: I must :-) - configure a VPN server behind 2 NATs. My situation: RoadWarior - INet - ISP Router (NAT+PortForwarding) - Inetranal Router (running Shorewal, NAT+PortForwarding) - Inetranl VPN Server If RoadWariror try to connect Internal VPN Server then connection failed with "GRE: Bad check chcksum from pppd"

I have registered a project with Sourceforge to produced a Webmin module for Shorewall. http://sourceforge.net/projects/webmin-shorewal/ Anyone interested in participating please email me at enemyofthestate at users.sourceforge.net I am still learning the interface but I think I need your Sourceforge Nym to add you as a developer. -- Stephen Carville Unix and Network Adminstrator

Hello Tom and all, Quick question: Is it possible to operate an OpenVPN server from behind a firewall? Is it as simple as setting it up and placing: DNAT net loc:192.168.10.20 udp 5000 - ipaddress -- Paul Slinski -o) Network Administrator /\ Global IQX, Inc. _\_v Global IQX is the leader in integrated e-business automation solutions for the group life and health insurance

Hey all, I''m trying to setup roadwarrior connection to my internal network. So I''ve setup openvpn to create a tap0 connection and also have bridged the eth1 (leads to my internal computers 192.168.2.10-30 and tap0 which is the VPN connection. On my shorewall setup I have br0 maped to zone loc and eth0 to be my internet and I have masqing on my br0 to get my internal computers

Hi, I am migrating from one ISP to another, and would like to run both simultaneously for a while. So: (both netmask 255.255.255.248) [ISP1] 24.106.62.180 [ISP2] 209.181.237.230 | | | | \ / -----[ HUB ]----- | | -------- eth0 --------- | Linux FW/Server | ---------eth1 --------- | | [ HUB ] | 10.0.0.x/255.255.255.0 The default IP on

Perhaps someone with a sharper brain than I can solve this little mystery. I've Googled until I'm blue in the face, read all TFM's I can find, and tried several iptables rule combinations but just can't get the following to work. Here's my challenge: I have a CentOS-5.3 "main" server with a static public IP address running Apache, OpenVPN, and a bunch of other

Hi all, I have a VPN setup but it only works once in a while. It seems my firewall (shorewall 3.0.8) is blocking protocol 47. Here is what I have: eth0: internet eth2: dmz - my pptp server My entry In the rules file: pptp/ACCEPT fw dmz:192.168.253.2 My pptp macro ############################################################################### #ACTION SOURCE

I tried to the new GATEWAY option in /etc/shorewal/interfaces file but it didnt work. My network setting consists of 2 ISPs line and i would like to have eth0 to connect to for example, 192.168.15.254 while eth1 connected to 192.168.33.254. I restarted shorewall and nothing is wrong. However, the traffic still goes to the default gateway as shown in "route -n" command. For example, i

Hi, I am new to VPN an OpenVPN with shorewal. I tryed a lot and read a bounch of howto''s but nothing helped so I came here. I want to tunnel all request to my server 141.48.XXX.XXX from my home network throu port 443. I want to do this because this is the only way I can connect to my server using ssh or ony other tool or port. On Port 80 Apache is running, so I only have the https port

I have a lan with shorewall running as firewall and two local machines, where 10.1.1.2 and 10.1.1.15 are two internal mail servers and where 124.124.124.124 and 123.123.123.123 are the external IPs for the mail servers. The two mail servers need to communicate with each other via smtp (for sending mail from domains hosted on one to the other) but its giving issues. Specificaly when one server

I''m trying to use my VPS server (single interface of course) as somewhat of a VPN gateway to my other location (which is not accessible directly from some places) where the openvpn server is running, and am kind of lost as to what to try next. I tried a redirect rule, but apparently shorewall didn''t like that (it just failed to start). I tried adding the rules via

Hi List; I heared that IAX is good for NATing issues, but I do not know if it can help me in that senario: I have two Asterisks machines in different sites and both are behind NAT (both have private IP address), I need to link these two asterisks with IAX trunk (if it help really in such senario), but I do not know if it will work without doing special routing settings on the router (like

Is anybody aware of a database containing the types of nat implementation in todays soho/consumer routers? I think it would make sense for the community to have this database in order to avoid symmetric nats. If one such thing does not exist how about starting this database? A stunclient for linux can be found at http://sourceforge.net/projects/stun/ I can contribute this information for two

A quick question: Is there anywhere a listing of the RGB components of the named colours listed by colors()? For example, where would I find the RGB for "orange1" or "salmon"? When I look at an EPS file from R where I have used these colours, it seems that for: "salmon": 0.9804 0.5020 0.4471 rgb "orange1": 1 0.6471 0 rgb However, this is a tedious way

I am creating an application to run a fishing tournament (see http:// www.ruby-forum.com/topic/51209 for a little background) Now I am running into an issue trying to calculate a leader board. each participate can enter multiple fish but only the largest fish per a given species counts towards the overall score. My entries table looks like this:

Our setup: server running shorewal 4.5.2.2 and watchguard vpn appliance. VPN appliance was supplied by our document flow provider. I want to route traffic to 192.168.2.0/24 via 10.10.10.1 gateway. So I thought it would be a good idea to set it up as another ISP in the providers file. But when I enable it I can reach 192.168.2.0/24 subnet but not internet. Can you please tell what I am doing