similar to: dmz setup

Hello all, Name is Andrew and in desperate need of some info. Setup: - Mandrake 9.1 with three interfaces (eth0 --> WAN) C-class /28 network (with tree virtual addresses which I am DNAT-ing to the DMZ) (eth1 --> LAN) A-class 10.0.0.0/8 (eth2 --> DMZ) A-class subnet 10.1.123.0/24 - Running stock Shorewall ver: shorewall-1.3.14-3.1.91mdk Dilemma: - LAN can not access the DMZ zone

I have a Smoothwall server on my network and am running three network interfaces off it. 1) local LAN 192.168.0.0 with PCs and an internal dovecot server on 192.168.0.154. 2) internet interface 3) DMZ 192.168.2.0 which has a linux web server 192.168.2.1 on which I want to install a webmail so I can access my email remotely. Originally 192.168.2.1 couldn't see the 192.168.0.0 network but with

Hi As per my follow up mail I implemented the ProxyArp configuration as per the Documentation on the Web site and all seemed to be working correctly. However, the one thing that doesn''t seem to be working properly is Samba. I have Samba running on the FW machine and one of the servers 192.168.0.8 on the Local Lan. I can connect to a Share using Samba from Server to Server, however

Hi all, I''m totally new to Shorewall and have only read through a limited amount of documentation. I have an idea for a new configuration of our server firewall and would like to know a general yes or no (give or take a few tips) on the concept. I will then go and read up in more detail when I come to implementing it. I always think that it''s best to get a general idea from

This will be the last Shorewall release for a while as I''m going to be focusing on Documentation. In this release: 1. Empty and invalid source and destination qualifiers are now detected in the rules file. It is a good idea to use the ''shorewall check'' command before you issue a ''shorewall restart'' command be be sure that you don''t

Hello, I am not very good at linux networking. I have read tinc documentation multiple times and I still don't understand what the "Subnet = ..." directive does in /etc/tinc/$NET_NAME/hosts/$HOST_NAME Right now I have a simple virtual lan organized with tinc, and I use the following in every device's config file (replacing the last part of the address): # This computer will

Hi all! I posted earlier about the proxy arp configuration = http://shorewall.sourceforge.net/shorewall_setup_guide.htm#NonRouted, = and was probably not sufficiently knowledgeable on the subject. I''ve = gone through a bunch of documents on proxy arp, subnetting with proxy = arp and the documentation at shorewall, and have come up with a setup = that would be perfect for the job at hand

I have running Shorewall 2.0 version with squid. Since today my clients cannot connect to internet. I can see that entry in messages file Jun 16 10:22:54 MurcianaFW kernel: Shorewall:FORWARD:REJECT:IN=eth1 OUT=eth1 SRC =192.168.29.66 DST=192.168.28.2 LEN=239 TOS=0x00 PREC=0x00 TTL=127 ID=24784 PROT O=UDP SPT=137 DPT=1030 LEN=219 Anyone knows what´s happen? Thank you

I have a samba winbind server which is operating properly. I have the firewall configured to DROP outbound traffic on UDP/137 and 139. The broadcast traffic on these ports will not reach any pertinent machines due to subnetting, and is unwanted traffic. The server is working without this traffic hitting the network. However, Winbindd is constantly trying to broadcast and logging that it

Hi Gavin and I appear to have successfully connected our Linux and Windows machines via Tinc, but cannot seem to do anything else. We cannot ping each other's vpn network. Gavin would like to be able to: * browse my local SMB (Windows and Samba) network * collect his email via my local mail server Are asking too much of a VPN here? Have we missed something? All details, Linux output and

Hi! I have 8 subnets: 192.168.100.x/24 192.168.150.y/24 192.168.200.z/16 etc ... Install a Primary Domain Controller (PDC), so that users to perform authentication on the domain with its mounting remote disks, among others. The network is correctly configured, that is, the teams are perfectly by "ping" and the open ports between the networks see no problems. Notes: - I disabled the

hi, i hv been burning nights reading howtos and manuals for iproute2 and iptables aiming at succesfully implementing a DMZ-NAT solution for our college (institute.) i am a student and never had past experience but hv used linux for quite some time now. so my first question is: do the functions of iptables and iproute2 overlap atall. i am preety confused regd this matter. 2nd: is it possible to

Hello, I have a DC that sits on a different subnet from the CUPS server that I would like to use. I would rather not install CUPS on the DC. Is it possible to change the server name away from localhost for the CUPS backend and have it connect to that other server to get the printers (load printers = yes) and print to that server? Must I have a CUPS installation on the DC? Thank you, Trever

Hi, > > Why don't you create a Member server with cups installed?. I suppose > that you have a gateway between both subnets, right? > > https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server > https://wiki.samba.org/index.php/Samba_as_a_print_server > > With that, the cups server can authenticate the users using the DC > server and you just need to print

We have been having some performance problems with our linux bridge. I have no idea where to look to start diagnosing the problem, so I'll explain what we've done and hope that you might tell me where to start looking. Almost everything appears to work fine, but when I try to stream music using WMP or mp3 streaming, I can only stream about 30 seconds before it cuts out. I used to be

Hi all, Here''s the situation. I have 80 users sharing a internet link of 5Mb link. The users are grouped in /29 ip addr classes so I have 10 classes of users I want to create a root htb, then 10 htb childs each with 0.5Mb bandwidth. The traffic will be directed to each class using tc filters. Now, I want that each of 8 users from each class to share equally the class bandwidth. Can I

*Problem I want to solve:* We have 3 sites: A, B, and C. Network admins should have access to all three. (this works as-is). Desktop support should only have access to their site. (Tech A to site A, Tech B to site B, Tech C to site C). *How I think I can do it:* Working with keys? Admin's public key will be on all the client machines, and thus, the client machines will always

Dears; It seems my service provider is requesting a complicated settings to allow me to send from behind NAT. What they said: "It shouldn't matter as long as you are handling the NAT correctly your end. We do not fix NAT so if you're sending internal addresses in your INVITEs or SDP then things will fail but if you're handling it correctly, we shouldn't tell the

i´ve been searching for a load balance solution since a month ago... what i can say is that it simply doesn´t work. I was unable to find one guy that did it with sucess. When "load balance" is the subject of the message on the list, the message is simply ignored. So... if it doesn´t work... why LARTC don´t delete it from the HOW TO and answer us with some "it simply doesn´t

Network Configuration issues I''ve been working on this for 2 days PLEASE HELP! I am having the following issues with network configuration and I cannot ping the external interface to begin troubleshooting the network configuration. I know that the ISP''s router is configured correctly since I have attached it to a small Linksys firewall and was able to ping the 66.240.207.226