similar to: DNS, DNAT and Notifies

I have registered a project with Sourceforge to produced a Webmin module for Shorewall. http://sourceforge.net/projects/webmin-shorewal/ Anyone interested in participating please email me at enemyofthestate at users.sourceforge.net I am still learning the interface but I think I need your Sourceforge Nym to add you as a developer. -- Stephen Carville Unix and Network Adminstrator

I''m having another little problem with my new firewall. I want outgoing port 25 from my mail server to appear on the address 65.223.121.227 so I created the file masq: eth2 192.168.124.18 65.223.121.227 tcp 25 eth1 eth5 eth1 eth3 eth1 eth4 eth1 == net0 == 209.189.103.196/27 eth2 == net1 == 65.223.121.237/28 eth3 == dmz0 eth4 == dmz1 eth5 == loc ==

I am using Samba 3.0.20a with winbindd on FC3 and all the shares except one are working. I keep getting a permison denied error for non-local users in certain directories. The permissions on the directory are # ls -ld . drwxr-xr-x 11 procman users 4096 Aug 3 15:35 . # ls -l drwxrwx--- 12 procman admin 4096 Aug 2 15:47 administration drwxrwx--- 5 procman data-entry 4096 Nov 16

I have the following interfaces loc eth0 net0 eth1 net1 eth2 (net0 and net1 are the two ISP networks) policy loc net0 ACCEPT loc net1 ACCEPT net0 all DROP info proxyarp 209.189.103.204 eth0 eth1 no no params Pellucidar=192.168.124.232 rules DNAT net0 loc:$Pellucidar tcp 22,80,1950,50005 - 209.189.103.204 ACCEPT all all icmp

I would like to add a rule allowing only the address 192.168.150.20 and the range of addresses from 192.169.150.100 to 192.168.150.150 in zone dmz0 to connect to two terminal servers in the local zone. Is there a syntax that can specify a range of addresses in the rules file? Do I have to enter each one separately? -- Stephen Carville Unix and Network Adminstrator DPSI 6033 W.Century Blvd.

I have a setup with two Internet providers. One circuit (net0 == eth1) is used primarily for employees and tunnels to other sites. The other (net1 == eth2) is for the production machines that customers access. Everythung works in teh sense that packets get to where they are sent (mostly) but I recently I had a sniffer on the system and noticed a problem I cannot solve. traffic coming in

I think I''ve figured out the routing for multiple ISP''s and DNAT. For ths who might be interesed, I''ve uploaded some notes to: http://www.heronforge.net/redhat/node17.html Let me know of you see any errors or a better way... -- Stephen Carville <stephen@totalflood.com> Unix and Network Admin Nationwide Totalflood 6033 W. Century Blvd Los Angeles, CA 90045

Hi, I've got Samba 2.0.2 and a server NT4 SP3 with Seagate BackupExec 7.0. When I want to backup Samba with Seagate BackupExec, I get a message saying "Unable to connect to server, <F5> to retry", and then another one saying "A device specific error occured". I've read all the Samba archive about that subject, but I do not find any solution. I don't

on i have a small question we have a linux box with a windows 2003 server well we natted all the ports and mail is working remote desktop is working web is working the only thing that does not work is vpn how can i foward vpn traffic to this server i checked the site and searched for foward vpn and got nothen can somone please enlight me where to start Marshal McInnis Tech / Web

I am migrating from my "old" 2.2.7 samba server to a newer server runnig 3.0.20a and everythig is working except the [homes] share. The server (FILE-CABINET) is a member of the domain, security is set to ADS and, as far as I can tell, kerberos is working. The program wbinfo returns a list of users and groups like it should. getent passwd returns first my local passwd file and then

Is it possible to allow two Linux computers to browse each other in a manner similar to the way a winbox and browse a Linux box with Samba? Ya know, like the network neighborhood thing, not the smbclient get put thing? Thanks

Robin Lynn Frank wrote: > I have an entire /8 blacklisted. The problem is there is a single IP in > it I want to exempt from this. Searching the web site, I note there > used to be (circa version 1.3) a whitelist feature, but I couldn''t find > a simple solution to what I want to do. > > What would be the bes/easiest way to accomplish this? I can''t think of a

I have an FC3 intallation with samba-3.0.10-1. I cannot get it to accept a login with server=DOMAIN. I can join the domain with no problem: # net rpc join member -U scarville passwd: Joined domain TOTALFLOOD. I can browse the shares: $ smbclient -L amazon added interface ip=192.168.124.230 bcast=192.168.124.255 nmask=255.255.255.0 Password: Anonymous login successful Domain=[TOTALFLOOD]

Hi, my problem is to access a shared printer with samba on my WindowsXP workstation When I browse thru my network with Explorer, I can see the shared printer. When I double-clic on the printer, Windows XP ask me if I want to install it. I choose the right driver and click "OK". The installation begin and there is no error in the installation. After the installation Windows XP open the

I am looking at terminating a OpenVPN tunnel on my shorewall box, but selectivly forward incoming traffic from the VPN tunnel to various hosts on my LOC-zone. Is this doable? Or need I set up OpenVPN tunnels that terminates on the LOC-hosts in question directly? (Or rather: Which page on the web site have I neglected to read _this_ time?) Happy new year to one and all! .

I am considering replacing my old checkpoint and watchguard firewalls witha single Linux box using iptables and shorewall. I have two ISP''s (with separate routing tables), two DMZ''s, at least one VPN to a remote office, and a local trusted network. The configuration will look like: +----------------+ | | net0 ----------+ eth1

Hello, I''ve checked the FAQ, and it tells that there is a GUI interface , does that applis to version 1.4 as well as version 2.0 Sorry if it is a silly question, but just wanted to be sure Kind Regards Samer _________________________________________________________________ Express yourself instantly with MSN Messenger! Download today it''s FREE!

look in the smb.conf man page for "disable sspool" I think thats the right option. It needs to go in your global section ie disable sspool = yes Cheers ------------- Kristyan Osborne IT Technician Longhill High School 01273 391672 ------ Computers are like airconditioners: They stop working properly if you open windows. Win95: A 32-bit patch for a 16-bit GUI shell

I am trying to use rsync to move backup file from a cople of Oracle servers to another machine where they will be backed up to tape. The command is run from a script launched by cron and looks like: /usr/local/bin/rsync --recursive --delete --verbose $BACKUP_DIR/* \ euphrates::tigris/logarch/. Rsync is running from inetd on euphrates which has the following defined in /etc/rsyncd.conf:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Over the past weekend, I added SPF screening on the MTA at shorewall.net. SPF is a mechanism for a domain to use DNS to publish a list of those IP addresses that are used to send legitimate email from that domain. A receiving MTA can use that published information to determine if email from a domain is being sent through an MTA belonging to that