similar to: config question for proxyarp hosts?

I''ve got a rather complex beast of a network that I''ve beeing trying to get properly routed for some time now. I''ve come really close, in that inbound traffic gets where it''s supposed to, and outbound traffic goes where it''s supposed to, but outbound packets are all apparently going over the wrong link. The system is currently configured as a

My ISP has DHCP-assigned IP-addresses. I wonder if someone has tried using proxyarp for a DMZ with DHCP-assigned public IP?

Hi everybody. I''m trying to configure shorewall folowing this manual: http://www.montanalinux.org/proxmox-ve-with-shorewall.html But with shorewall check it tells me thah: Checking /etc/shorewall/interfaces... ERROR: Unknown zone (dmz) : /etc/shorewall/interfaces (line 16) How can I define it in the zone file? thanks for the help. best regards, Santiago.

I have been trying to get DNAT to work and I actually have succeeded too, however, not how I thought it would work when reading through the documentation. 1. No matter what I do I cannot get DNAT to work unless I have an entry in eiter the nat or the proxyarp file. Is that really how it''s supposed to be? I can''t find anything about it in the documentation. 2. Also, in the

Hello list, I am in the process of switching from IPCOP to Shorewall s the firewall for our small office. I very much like the fact that Shorewall runs on top of the same OS (openSuSE 11.4) that I run on the server and my desktop. Our setup is fairly straightforward. We have 8 static ip addresses from our ISP, which provides a cable modem and a Cisco 800 series router. The ip addresses are

I have some hosts in a DMZ zone with proxyarp. In my local zone I have a host to which I DNAT. I have discovered that I can reach the host in the local zone by attempting to connect to the fw (As expected) or ANY proxyarped host in my dmz zone (as not expected). Is this normal ? (I''ve just discovered that actually the dnated host answers to requests sent to any IP routed to my host!)

Hi, In a routed network setup , is it possible to use ProxyARP given the condition that the shorewall external interface and the DMZ interface are in a completely different network . That means the gateway of the External interface and the hosts in ProxyARPed DMZ zones are in different network. eth0 ---in 220.227.X.Y/30 -- shorewall external interface eth1 ---in 220.227.A.B/27 -- shorewall

Does anyone know what a good maximum number of machines I should place in the ProxyArp list? Thanks Jamie

I''m being cast headlong into unfamiliar waters here, and being desperate for some air, thought I''d come here for some help. :) Anyway, my employer is going through some whiplash-inducing growth spurts, and as a result, the simple "Internet T-1 -> Linux Firewall/NAT -> LAN" setup just isn''t going to cut it anymore. First, we''re bringing in 2

I've been playing around a little bit with the "veto files" option for the [homes] shares we have on our Samba servers (2.2.1a & 2.2.3a). I've discovered that: veto files = /.*/ works marvelously for not letting the users muck with their .dotfiles, which is exactly what we want, however, I've also discovered that it also clobbers the special directory entries

Hello Shorewall gurus, I have a dilemma with a public server. I want to migrate the current public server over to a new machine behind the current server''s firewall (shorewall 1.4). I have included a diagram below to help explain the target network I am working toward. I have read the shorewall online documentation and though I have used Shorewall the past 4 years in the current

I've been working to migrate several hundered users on to our new mail servers, which run dovecot 0.99.11 (RHEL4). The problem I'm seeing is that deleting or moving a message seems to take a very long time. It's not uncommon for Thundirbird (1.0.7) to have delays of 5-10 seconds to delete a single message from my Inbox (<500k) and place it in my Trash folder (~100MB right

Hi, Thanks for your reply . I am attaching the files needed by you herewith. The NAT device is called Pronto gateway which has two interfaces , namely eth0 and eth1. ''eth0'' has an ip address of 203.124.152.66 and eth1 has an ip address of 192.168.1.3 . All the client PCs are in 192.168.1.0 network [behind the NAT, the Pronto gateway] and use 192.168.1.3 as the default

We've been putting 1.0 Beta 3 through the paces on our test system, and one of our users pointed out to me that Thunderbird's "labels" behave strangely on the new server. In fact, there used to be a header added to the message via IMAP when Thunderbird placed a label on a message, but as of the switch from 0.99.11 to 1.0beta3, this label header is no longer placed in the

I'm trying to set up 1.0 beta 2 on one of our systems, and would like to run it on alternate ports from the standard IMAP and IMAP/SSL ports so that we can test it out a couple users at a time. How does one tell dovecot to listen on alternate ports? I can't find anything in the example config file... Thanks, Gregory -- Gregory K. Ruiz-Ade Sr. Systems Administrator Computer Science

I'm testing 1.0 beta3 on our mail server, and finding that Apple Mail seems unable to connect to it. I'm running the 1.0b3 on port 997 so we can test it in parallel to 0.91 to compare performance (so far, it's hella faster). I've ensured that the users testing are _not_ connecting in any way to the 0.91 version running on port 993. From the OS X client side (10.4.5 + latest

Hi all! I posted earlier about the proxy arp configuration = http://shorewall.sourceforge.net/shorewall_setup_guide.htm#NonRouted, = and was probably not sufficiently knowledgeable on the subject. I''ve = gone through a bunch of documents on proxy arp, subnetting with proxy = arp and the documentation at shorewall, and have come up with a setup = that would be perfect for the job at hand

Hello all, Name is Andrew and in desperate need of some info. Setup: - Mandrake 9.1 with three interfaces (eth0 --> WAN) C-class /28 network (with tree virtual addresses which I am DNAT-ing to the DMZ) (eth1 --> LAN) A-class 10.0.0.0/8 (eth2 --> DMZ) A-class subnet 10.1.123.0/24 - Running stock Shorewall ver: shorewall-1.3.14-3.1.91mdk Dilemma: - LAN can not access the DMZ zone

Hi As per my follow up mail I implemented the ProxyArp configuration as per the Documentation on the Web site and all seemed to be working correctly. However, the one thing that doesn''t seem to be working properly is Samba. I have Samba running on the FW machine and one of the servers 192.168.0.8 on the Local Lan. I can connect to a Share using Samba from Server to Server, however

Hi Folks, Can i account proxyarped pc´s ?? Like know how much web traffic passthru a specific person ip using shorewall ? So i can know how much bandwidth that specific IP EAT ? Thanks alot Carlos Arnt ------------------------------------------------------- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward