similar to: Practice Dmz

Hello, You may recall some of My Dmz question around Thanksgiving. While I have configured a Proxy arp Dmz. I would like to practice with the routed setup you suggested Tom as your network was simular. Here is one of your quotes "The configuration of eth2 is largely irrelevant but you certainly don''t want to confuse things by assigning any default gateway out of that

Hey Tom, I have successfully set up to servers on a Dmz practice network woohoo :). If I take out the proxyarp option in /etc/shorewall/interfaces Then Dmz can ping outside ip''s on the net but not and of my servers on network 66.224.62.96/27 (Other than its own gateway server 66.224.62.120) The reason I ask is to learn. I thought I would not need the proxyarp option for this to

Mike Lander wrote: > I am building a shorewall box that the last post has the SSH error and > wanted > some feedback from the list if possible. At first I thought the two ISP''s > I > building this > for had two T-1''s with FQ ip''s as it. I have the box built for this ready > to > go. > Now I find out that one of the T-1''s is

I noticed the long standing Ipsec FSwan problem was fixed. But do you still have to make sure Ipec is not running when shorewall starts Reason I ask Is I could not get my Dmz working with Ipsec in the equation. Thanks Mike

I have had a web server listining sql-1433, www 80, ftp-21 using proxy arp with sub-netting in a three interface DMZ. All these ports are in the rules file as ACCEPT. With one exeception that 1433 allows a few host from the net. 21 and 80 allow all net to dmz connections. The policy is DMZ to net ACCEPT This has been working great for about a month or more until I rebooted the

Hello Tom, I am not sure if you can help with this but I am at my wits end. If you hit this site and do a force refresh (ctrl + F5) the site will time out and lose connections. Do the same on port 443 and it does not time out??? The web site I am reffering to is www.tituswill.com I think the only problem is port 80. Do you have any idea how to diagnose this I have sent a dump of just

Is anyone using user sets? I''m considering dropping support for them in 2.0 in favor of just listing individual user/groups in the rules file. Thanks, -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net

In an effert move my Dmz from a snapqear roouter to Linux with shorewall. Question is I have network 64.42.53.200/29 which makes default gw 64.42.53.201 network 64.42.53.200 broadcast 64.42.53.207 mask 255.255.255.248 and I want to set up shorewall with eth0 64.42.53.202 eth1 local eth2 dmz where dmz will use say 64.42.53.203 for web and email server. Where I do not need or should I say use

While I''m in temporary retirement, I''ve decided spend a little time experimenting with new things and making some updates to the web site. The biggest result of this effort to date has been: http://shorewall.sf.net/Shorewall_Squid_Usage.html This outlines how to use Squid as a transparent proxy running on the firewall, in the DMZ or in the local network. In the latter two

Hello Tom, I have successfully configured proxy arp subnettinng on my network with three hosts in a Dmz. And it works great. (using proxyarp in interfaces) I also tryed this on network below same trouble. However for this network below I have tryed to configure one host in a Dmz (using /etc/shorewall/proxyarp) which works and comes up after I set it up and clear Isp''s arp

Can someone help me with this problem: My host on the DMZ is inaccessible from the WAN on port 25. I tried to telnet but getting: $ telnet 66.58.99.84 25 Trying 66.58.99.84... telnet: Unable to connect to remote host: No route to host My shorewall/proxyarp is: #address interface external haveroute 66.58.99.82 eth1 eth0 No 66.58.99.84 eth1

Hi, I am trying to configure the SMTP service on DMZ host. Added the rule: ACCEPT wan dmz:66.58.99.84 tcp pop3 - ACCEPT wan dmz:66.58.99.84 tcp 25 - ACCEPT dmz:66.58.99.84 wan tcp 25 - ACCEPT dmz:66.58.99.84 wan tcp pop3 - issued shorewall clear, shorewall restart, but still couldn''t telnet to the mail server

I have a NetGear FV318 living in my DMZ, with one of its LAN-ports living in my LOC zone. What rules are needed in shorewall to allow a certain subnet to make connections to this device from the net zone? Do I define it as a tunnel in shorewall/tunnels, or do I just allow some selected traffic to the DMZ IP? I am not sure which of the docs are right for me in this case?

my interfaces file: net eth0 155.229.27.55 loc eth1 192.168.1.231 dmz eth2 192.168.100.1 route -n: Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.100.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2 155.229.27.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0

OK, I spammed the mailing list recently, but I will be fired if I can''t solve the problem today. (just kidding, but I did waste lots of time on it :( ) The common configuration for teql is for two computers connected directly with two links. My topology is a little different: one link is connected directly, but the other is connected through a gateway. My problem is teql can''t

I am not quite sure if this issue relates to iptables, routing or Xen virtual machines. Too many variables for my simple mind, so I'm asking some advice :) This is my network setup: Internet --- eth2 + CentOS dom0 / firewall / router + eth1 (xenbr1) --- LAN with private IPs --- separate file server and workstations + eth0 (xenbr0)

Hi all, I have set up a working OpenVPN2 connection between my Server and my gateway at home. Now I want all traffic to be routed through this VPN connection. Currently everything is going through eth1 to the internet (to the gateway of the University which forwards it to the internet :-). We must use a prox-server and because of this I am not abel to watch the real-Media streams on

I have a three interface network (net,loc,dmz). The internet interface (eth0) has a static IP. Windows machine in the local network (eth1) use DHCP to get IPs from the 192.168.10.0/24 netblock. The Debian machine in the DMZ (eth2) gets a fixed IP through DHCP in the 192.168.11.0/24 netblock. The DHCP server is running on the firewall machine (not ideal, I know, but that''s the way

From reading the documentation, I understand that it is recommended to put servers that may be at risk in a DMZ served via proxy-arp. In this case, the local clients that are behind a NAT would have their connections to the DMZ masqueraded, yes? Is there any way around this that would still be considered secure? Just looking for advice. Thanks, A.

I am trying to add a machine into my dmz. It is the first machine I''ve ever added to this dmz and fro some reason I cannot establish communication between the dmz and the machine. Here is an example of my setup: ISP router --> firewall (eth0) firewall (eth1) --> local network firewall (eth2) --> DMZ eth0 and eth2 have public IP addresses as does the machine I just added to