similar to: routed vs non routed

Hello Tom, I have successfully configured proxy arp subnettinng on my network with three hosts in a Dmz. And it works great. (using proxyarp in interfaces) I also tryed this on network below same trouble. However for this network below I have tryed to configure one host in a Dmz (using /etc/shorewall/proxyarp) which works and comes up after I set it up and clear Isp''s arp

I noticed the long standing Ipsec FSwan problem was fixed. But do you still have to make sure Ipec is not running when shorewall starts Reason I ask Is I could not get my Dmz working with Ipsec in the equation. Thanks Mike

Hello Tom, I am not sure if you can help with this but I am at my wits end. If you hit this site and do a force refresh (ctrl + F5) the site will time out and lose connections. Do the same on port 443 and it does not time out??? The web site I am reffering to is www.tituswill.com I think the only problem is port 80. Do you have any idea how to diagnose this I have sent a dump of just

Mike Lander wrote: > I am building a shorewall box that the last post has the SSH error and > wanted > some feedback from the list if possible. At first I thought the two ISP''s > I > building this > for had two T-1''s with FQ ip''s as it. I have the box built for this ready > to > go. > Now I find out that one of the T-1''s is

After installing Zebra for ripd to get win2k routes I am getting this May 20 23:24:20 ns1 kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC= SRC=64.42.53.202 DST=64.42.53.207 LEN=92 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=520 DPT=520 LEN=72 May 20 23:25:25 ns1 last message repeated 3 times I am new to zebra, so I am assuming that this is broadcasting to windoz for routes weird !!!

I have had a web server listining sql-1433, www 80, ftp-21 using proxy arp with sub-netting in a three interface DMZ. All these ports are in the rules file as ACCEPT. With one exeception that 1433 allows a few host from the net. 21 and 80 allow all net to dmz connections. The policy is DMZ to net ACCEPT This has been working great for about a month or more until I rebooted the

Hello, You may recall some of My Dmz question around Thanksgiving. While I have configured a Proxy arp Dmz. I would like to practice with the routed setup you suggested Tom as your network was simular. Here is one of your quotes "The configuration of eth2 is largely irrelevant but you certainly don''t want to confuse things by assigning any default gateway out of that

I have built a fedora 3 test box that has 4 pptp client vpn''s from my T-1 to a Group of businesses (test environment). The businesses all have pptp vpn concentrators on their ends. The purpose is that all of the businesses will be at an offsite location together for a 3 day sale. I have the box working now with the latest ver of shorewall with two nics on this fedora box eth0 will

Hey Tom, I have successfully set up to servers on a Dmz practice network woohoo :). If I take out the proxyarp option in /etc/shorewall/interfaces Then Dmz can ping outside ip''s on the net but not and of my servers on network 66.224.62.96/27 (Other than its own gateway server 66.224.62.120) The reason I ask is to learn. I thought I would not need the proxyarp option for this to

Hey Tom, This is my T-1 slash 27 network btw. How does this look??? for---- net eth0 66.224.62.120 ----dmz eth1 66.224.62.120 This box is for practice Dmz we talked about. with the pratice Dmz server''s Ip 66.224.62.121 routing and interface''s below [root@66-224-62-120 root]# ifconfig eth0 Link encap:Ethernet HWaddr

Hello all: I''ve read the documentation and am not quite sure where to start. What I''m trying to do is build a network with a 3 NIC Shorewall router. My system is behind a routed /49 network. I''d like to use 2 or 3 of the static IP addresses for my DMZ ( DNS server, mail, webserver etc ) and then have my remaining machines in a private network NATed is some way. My

Hello Group I am trying to set up a demo of Squid at my location to to a person that has proxy ports blocked on his firewall at his location by having him set his IE Browser set to use proxy server 64.42.49.235 port 80. My thinking was to set up a rule in shorewall which redirects port 80 to 3128 as in a local setting. My test server is running rh 7.3, Shorewall 1.3.14 with one interface

While I''m in temporary retirement, I''ve decided spend a little time experimenting with new things and making some updates to the web site. The biggest result of this effort to date has been: http://shorewall.sf.net/Shorewall_Squid_Usage.html This outlines how to use Squid as a transparent proxy running on the firewall, in the DMZ or in the local network. In the latter two

Hello, I've got a problem in a sql query! for(j in 1:length(criteria$Title)) { graphe_par<-sqlQuery(channel,"select q.type,crit.Title, r.Value from criteria crit, reply r,question_reply qr, question q, question_criteria qc, form_question fq where qr.reply=r.ID and qr.question=q.ID and qc.question=q.ID and crit.ID=qc.criteria and fq.question=q.ID and fq.form=4 and

The 2.6 kernel series includes Netfilter ''physdev'' match support. That support makes it feasible for Shorewall to support bridge/firewall configurations. I''m looking for early testers of such support. Requirements: a) Willing to run Shorewall 2.0.0-RC1 or later (RC1 will be released in a day or so) plus private updates. b) Running a 2.6 kernel or a 2.4 kernel with

Is there a way to listen on port 25 for repeated dictionary attacks to harvest email address and blacklist that Ip with shorewall? Thanks, Mike

Hi, I am trying to configure the SMTP service on DMZ host. Added the rule: ACCEPT wan dmz:66.58.99.84 tcp pop3 - ACCEPT wan dmz:66.58.99.84 tcp 25 - ACCEPT dmz:66.58.99.84 wan tcp 25 - ACCEPT dmz:66.58.99.84 wan tcp pop3 - issued shorewall clear, shorewall restart, but still couldn''t telnet to the mail server

Hello list, I am in the process of switching from IPCOP to Shorewall s the firewall for our small office. I very much like the fact that Shorewall runs on top of the same OS (openSuSE 11.4) that I run on the server and my desktop. Our setup is fairly straightforward. We have 8 static ip addresses from our ISP, which provides a cable modem and a Cisco 800 series router. The ip addresses are

Hi, I would like to compare 2 lists resulted from a sql query! bu there are different levels, so when I want to do: release1<-sqlQuery(channel,paste("select distinct c.ID,c.Title TitleCrit from category cat, category_criteria cc, criteria c, question_criteria qc, question q, form_question fq, form f, release_form rf, release r, product_release pr, product p where cat.ID=cc.category and

Can someone help me with this problem: My host on the DMZ is inaccessible from the WAN on port 25. I tried to telnet but getting: $ telnet 66.58.99.84 25 Trying 66.58.99.84... telnet: Unable to connect to remote host: No route to host My shorewall/proxyarp is: #address interface external haveroute 66.58.99.82 eth1 eth0 No 66.58.99.84 eth1