similar to: Query re Tom''s firewall (see http://www.shorewall.net/myfiles.htm)

This is some ramblings on why using proxy ARP (on a host in a DMZ) is a good or bad thing. The good is that a computer X retains a public IP address which makes it easy to connect it directly to the net if the firewall has to be taken down for extended periods. Thus, if computer X is a mail server for example, it can still function in a reduced capacity until the firewall is restored. The bad

There has been a low continuing level of confusion over the terms "Source NAT" (SNAT) and "Static NAT". To avoid future confusion, all instances of "Static NAT" have been replaced with "One-to-one NAT" on the web site and in the CVS configuration files (Shorewall/ project). The documentation in 1.4.9 will also contain this change. -Tom -- Tom Eastep \

Are there any scenarios that require traffic from a zone to itself to be blocked? If not, Shorewall should possibly allow it as a matter of course. It seems strange having to explicitly create such a policy & it''s not immediately obvious when it is required. -- Taso Hatzi caesar 17 <<-salad cjbx jc vdwwjar jc xi jc jd salad

Tomorrow morning, the following systems will be unavailable while I upgrade the OS on my firewall: a) shorewall.net b) lists.shorewall.net c) cvs.shorewall.net d) rsync.shorewall.net The upgrade will begin around 0700 PST (-0800) and will like take two hours or so. Sorry for the inconvenience. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \

Do these programs still exist? They don't seem to be part of the samba3x package on RHEL5.

Environment is Samba as a PDC, OpenLDAP backend, with smbldap-tools providing the scripts to manipulate the data. What are the recommended/mandated organizational units (OU=) for user, computer, group info. I'm pretty sure that groups go in ou=Groups, but I am confused about where user and computer data goes. I have seen ou=People, ou=Computers, and ou=Users in various places. Which is it

The problem scenario I describe was reported previously in the Shorewall lists but its resolution does not seem to have made it into the lists. Scenario: Windows XP client seeking to establish a VPN connection to a Windows 2003 Server located behind a Shorewall firewall (running on Mandrake kernel 2.4.22-37mdk). The connection cannot be made, the client reports error code 721. Discussion:

Hi, especially John H. T :) I'm yet again plodding through chapter 14 of the Samba-HOWTO-Collection.pdf. Not because I can't make what's in it work for me, I did that long ago, I found out for myself, because a great deal of what's in it is wrong. I just got fed up with trying to get Nagios to work - I gave up, for various reasons and started on the Samba doco. At the risk of

Is there a trick to being able to access shares via \\domain\dfsroot\.. rather than \\computer\dfsroot\... ? Only the latter works for me - samba 3.0.22

Scenario: a) Samba with an ldap backend. b) The ldap database becomes irretrievably corrupted. c) I roll in a new ldap database from a known good copy. d) Problem is the passwords for the machine accounts are out of date. e) Is it possible to coax Samba & the clients (mostly XP) to resynch their passwords? f) I want to preserve the client computers SIDs & names. g) I really

I have been having a problem with 'net getdomainsid' on a machine that I set up to be a BDC. # net getdomainsid Could not fetch local SID tdbdump shows that there is no machine SID in secrets.db, so I'm thinking that I overlooked the step that creates a machine SID. What creates the machine SID and when? Also, is it the hostname or the netbios name that samba uses as the machine

I don''t think this has anything to do with Shorewall but I am not too familiar with iptables stuff yet so I''m not sure. Running Shorewall shorewall-1.4.9 on Mandrake Linux release 9.2 (FiveStar) for i586 Kernel 2.4.22-37mdk. Run "nmap -sP 192.168.x.x/24" (for example), where 192.168.x.x/24 is the LAN. You can do this from a firewall/router, or even from a

Thanks to both of you - exactly the piece I was missing. -----Original Message----- From: tms3 at tms3.com [mailto:tms3 at tms3.com] Sent: Monday, January 10, 2011 12:52 PM To: Christ Schlacta Cc: samba at lists.samba.org Subject: Re: [Samba] Reestablishing trust with PDC > > > you haven't tried experimenting with backing up and restoring the > samba password cache. look in

Hello, I''m stuck IPSECing my wireless network at home and would appreciate any comments. I appologize in advance if I''m wasting your time with trivia - I''m not a professional and staring at the problem for days from various angles hasn''t done me any good ... My home server/firewall (morannon) is hooked up through an USB to ethernet adapter (eth1) to my DSL

Been trying to run this on FC3 pulling stuff off a NT4 PDC - it just segfaults on 3.0.21 & 3.0.21a I'm building the RPMS from the tar ball on the host using the makerpms.sh script Reverted to the 3.0.10 issued by Fedora and no segfault. From what I can see (with strace) it segfaults while reading from the socket connecting the PDC - not the first read, but after quite a few

Samba 3.0.21b with LDAP backend The transfer to the Sanba hosted domain appears to work, ie success message, but I can't log on to a domain account from that workstation, complains about missing machine account or incorrect password. Only NT4 workstations seem to be a problem, Win2k and XP are Ok. NT4 is maximally patched, updated and etc - no registry hacks however. I checked the LDAP

--

I am following Chapter 6 of Samba-3 By Example to set up Samba on a Fedora 3 box. It seems to go Ok until page 144 step 5. # net getlocalsid [2005/05/02 00:22:04, 0] lib/smbldap.c:smbldap_search_suffix(1155) smbldap_search_suffix: Problem during the LDAP search: (No such object) SID for domain SIROCCO is: S-1-5-21- etc Running the same command with some debugging: # net -d 2 getlocalsid

Some of Shorewall''s features manipulate routing tables. Linux removes routes involving interfaces that disappear (namely pppX). When these interfaces are restore the routing tables are not restored. Just wondering how people are dealing with this situation.

Somehow, hopefully to be determined, I got my Thunderbird/dovecot Fedora Core 3 configuration into a real snit, such that I can no longer access my INBOX. When Thunderbird tries to get the INBOX content (or get new mail) it reports "The current command did not succeed. The mail server responded: Invalid messageset: -2147483648:*." Scouring logs and googling has come up empty. Now