similar to: Dmz

Hello, You may recall some of My Dmz question around Thanksgiving. While I have configured a Proxy arp Dmz. I would like to practice with the routed setup you suggested Tom as your network was simular. Here is one of your quotes "The configuration of eth2 is largely irrelevant but you certainly don''t want to confuse things by assigning any default gateway out of that

Hey Tom, This is my T-1 slash 27 network btw. How does this look??? for---- net eth0 66.224.62.120 ----dmz eth1 66.224.62.120 This box is for practice Dmz we talked about. with the pratice Dmz server''s Ip 66.224.62.121 routing and interface''s below [root@66-224-62-120 root]# ifconfig eth0 Link encap:Ethernet HWaddr

In an effert move my Dmz from a snapqear roouter to Linux with shorewall. Question is I have network 64.42.53.200/29 which makes default gw 64.42.53.201 network 64.42.53.200 broadcast 64.42.53.207 mask 255.255.255.248 and I want to set up shorewall with eth0 64.42.53.202 eth1 local eth2 dmz where dmz will use say 64.42.53.203 for web and email server. Where I do not need or should I say use

I noticed the long standing Ipsec FSwan problem was fixed. But do you still have to make sure Ipec is not running when shorewall starts Reason I ask Is I could not get my Dmz working with Ipsec in the equation. Thanks Mike

I have had a web server listining sql-1433, www 80, ftp-21 using proxy arp with sub-netting in a three interface DMZ. All these ports are in the rules file as ACCEPT. With one exeception that 1433 allows a few host from the net. 21 and 80 allow all net to dmz connections. The policy is DMZ to net ACCEPT This has been working great for about a month or more until I rebooted the

Hello Tom, I am not sure if you can help with this but I am at my wits end. If you hit this site and do a force refresh (ctrl + F5) the site will time out and lose connections. Do the same on port 443 and it does not time out??? The web site I am reffering to is www.tituswill.com I think the only problem is port 80. Do you have any idea how to diagnose this I have sent a dump of just

I am trying to add a machine into my dmz. It is the first machine I''ve ever added to this dmz and fro some reason I cannot establish communication between the dmz and the machine. Here is an example of my setup: ISP router --> firewall (eth0) firewall (eth1) --> local network firewall (eth2) --> DMZ eth0 and eth2 have public IP addresses as does the machine I just added to

Mike Lander wrote: > I am building a shorewall box that the last post has the SSH error and > wanted > some feedback from the list if possible. At first I thought the two ISP''s > I > building this > for had two T-1''s with FQ ip''s as it. I have the box built for this ready > to > go. > Now I find out that one of the T-1''s is

Hello all, Name is Andrew and in desperate need of some info. Setup: - Mandrake 9.1 with three interfaces (eth0 --> WAN) C-class /28 network (with tree virtual addresses which I am DNAT-ing to the DMZ) (eth1 --> LAN) A-class 10.0.0.0/8 (eth2 --> DMZ) A-class subnet 10.1.123.0/24 - Running stock Shorewall ver: shorewall-1.3.14-3.1.91mdk Dilemma: - LAN can not access the DMZ zone

Hi everyone, I have a question regarding the default gateway for hosts on DMZ zone. I moved servers from parallel to the DMZ (outside the firewall, directly connected to I-net) to inside DMZ. The default gw for these servers was the DSL router(bridge) of my ISP. What should be the default gw (for the hosts inside the DMZ), when hosts are inside the DMZ now - still the DSL router (external

Hi Guys, I have been trying to configure shorewall 1) Internet Access to internal users 2) Have a DMZ that will house atleast 6 mail / web / ftp servers that will server our existing group companies outside our physical location. 3) Setup openvpn between our location and our group companies . What i have done so far is : - Created the 3 zones with the IP ranges as below. DMZ:172.16.10.x

From reading the documentation, I understand that it is recommended to put servers that may be at risk in a DMZ served via proxy-arp. In this case, the local clients that are behind a NAT would have their connections to the DMZ masqueraded, yes? Is there any way around this that would still be considered secure? Just looking for advice. Thanks, A.

Hi all! I posted earlier about the proxy arp configuration = http://shorewall.sourceforge.net/shorewall_setup_guide.htm#NonRouted, = and was probably not sufficiently knowledgeable on the subject. I''ve = gone through a bunch of documents on proxy arp, subnetting with proxy = arp and the documentation at shorewall, and have come up with a setup = that would be perfect for the job at hand

Hello, I have been running Shorewall for quite some time at an ISP client of mine to protect his LAN. We have just upgraded to 2.2.4 and he now wants to put his servers in a DMZ. The servers have public IPs in two classes xxx.xxx.79.0 and xxx.xxx.242.0. The public IP on the router for each class is xxx.xxx.79.126 and xxx.xxx.242.126. I am using masq and 192.168.1.0 on eth0 LAN I have tried

Hi all! I''ve set up a Linux box with shorewall doing proxy arp as per http://www.shorewall.net/shorewall_setup_guide.htm#ProxyARP the 5.2 (non routed) example. Everything is working great except for one thing, and that leads me to my question: is there a conflict between proxy arp and pptp? I''ve set the apropriate ACCEPT rules to allow tcp port 1723 and protocol 47 to the host

Hi, In a routed network setup , is it possible to use ProxyARP given the condition that the shorewall external interface and the DMZ interface are in a completely different network . That means the gateway of the External interface and the hosts in ProxyARPed DMZ zones are in different network. eth0 ---in 220.227.X.Y/30 -- shorewall external interface eth1 ---in 220.227.A.B/27 -- shorewall

I have an access-IProm my isp that I configured my eth0 with. And I also have an IP-range assigned from my ISP that will be used on my servers connected to eth1. The IP-range is routed thru the access-IP. This is how my configfiles look like. Internal everything seems to work but not external. /etc/shorewall/proxyarp #ADDRESS INTERFACE EXTERNAL HAVEROUTE

Hello Tom, I have successfully configured proxy arp subnettinng on my network with three hosts in a Dmz. And it works great. (using proxyarp in interfaces) I also tryed this on network below same trouble. However for this network below I have tryed to configure one host in a Dmz (using /etc/shorewall/proxyarp) which works and comes up after I set it up and clear Isp''s arp

Hi, in a three interface firewall I have eth0, loc, 10.1.5.1/16 eth1, int, 200.41.61.228/29 eth2, dmz, 192.168.1.1/24 (un)fortunately I got a group of public ip?s to use, so here is my problem in the dmz I have 192.168.1.3 redirected from eth1 alias 200.41.61.226 (a web server, works perfect). I am trying to set up a mail server also, a different machine, so I can?t use proxyarp, as with this,

I have tried unsuccessfully to run both Shorewall 1.2.x, 1.3.x with Proxy ARP on a Red Hat 7.2 machine. The machine was configured as the external firewall as per the ''belt and suspenders'' layout given at http://www.skippy.net/linux/firewall/ The firewall appeared to function correctly in all functions except proxy ARP, however I must say I did not test exhaustively. After