similar to: [OT] - Problem in DMZ

Hello shorewall-users, we have a strange problem where some of our customers cannot access our webshop, but most of the customers can. I have been slowly eliminating possibilities and am now left with either the firewall (Shorewall 1.4) or the webshop server. What appears a lot in the logfiles is: Jul 26 11:51:04 gw kernel: Shorewall:logdrop:DROP:IN=eth0 OUT=eth1 SRC=84.128.198.240

Hello all, Running the "ancient" 1.4.7-RC1 version I have a problem with port forwarding. I have for a number of external fixed IP addresses forwarding to an internal terminal server - this works :-) DNAT net:111.22.33.44 loc:192.168.1.11 tcp 3389 DNAT net:222.33.44.55 loc:192.168.1.11 tcp 3389 Now I need to forward port 80 from one external address to an

Hello shorewall-users, now that I''ve got v1.4 problems solved I''d just like to ask a general question. Are there any real benefits to upgrading if v1.4 does what I want ? I''m not a fan of bleeding-edge in production and I don''t go for "v2 must be better than v1 because it''s newer" Tom, if you have a few minutes, what''s new in 2.0

Hello all, I''m setting up (for the first time) IPsec and have a question I need to allow another location access to a specific server in our local network, and deny access to all other servers I have followed Tom''s IPsec tunnel guide and setup a vpn zone, but I don''t want to allow all traffic in both directions so I haven''t added a general policy for vpn.

I am faced with a network that needs to autoswitch to isdn should T-1 go down. After a shorewall search it looks to be quite a deal with routing config with linux. Like scripts written to deal with knowing the T-1 is down. I looked into a cisco router that does this. around $3000 This network has used shorewall as the gateway for 4 years now. Currently Fedora as op. system. It appears to me

Hi I am looking at converting a Linux terminal server box to iptables using Shorewall 2.0. (At the moment it uses ipchains). The server currently has scripts which are called as each user logs in which run a series of "ipchains" commands to set the access rights for that user (and again to cancel them when the user logs out). My plan is to replace these scripts with ones that call

Shorewall 2.2.0 is expected to be released in the February/March timeframe so it is now time to begin thinking about preparing to upgrade. This is particularly important for those of you still running Shorewall 1.4 since support for that version will end with the release of 2.2. For those of you still running Shorewall 1.4, here are some things that you can do ahead of time to ease the upgrade to

I am not quite sure if this issue relates to iptables, routing or Xen virtual machines. Too many variables for my simple mind, so I'm asking some advice :) This is my network setup: Internet --- eth2 + CentOS dom0 / firewall / router + eth1 (xenbr1) --- LAN with private IPs --- separate file server and workstations + eth0 (xenbr0)

Hi, I have an R script (transferred from SPLUS) and would like to compile a standalone EXE (or DLL) for WINNT. Would somebody know how this works or how it could be done ? Thanks so much for any hints and suggestions; best regards F. Falk Huettmann Geography Dept.-Earth Science- 2500 University Drive N.W. University of Calgary Calgary AB, T2N 1N4 CANADA Email: falk at ucalgary.ca Tel. 403

I have a problem. When I mount my CD (witch is on WIN97 machine) using smbmount I do not see all files in all dirs. If dir have more then, let say, 100 files (it is not the same every time), I do not see all files. This is a problem because on my Linux box I do not have CD-ROM, so if I have to install some packages I first have to copy rpm files on disk, and then install them witch is annoying.

> I ran testparm and got: name resolve order = lmhosts host wins bcast > > When I put the workstation netbios name in /etc/hosts smbmount works as > advertised, but it seems to ignore /etc/lmhosts > > How can I identify samba's root from an RPM installation? > > > Graham > > -----Original Message----- > From: Maurice Lefebvre

Does anyone have any experience using a PRI gateway, I am looking for a way to have multiple asterisk boxes use one PRI, and send that over the network. I herd there are copper gateway devices (like a X100P card, only it registers with asterisk using sip, and it doesn't have to be physically connected to the box) Does anyone have any experience with a PRI gateway? And could tell me the cost

I have coded a patch witch allows to forward environment variables from the client to the server. To specify forwarding in your ssh client add the option ForwardEnv varname # forward varname with value # as in environment of the # ssh client. If variable is # not defined in the environment # of the ssh client nothing will # be forwarded. ForwardEnv varname=value # forward

Hi, I''m wondering why SIGINT and SIGTERM both were chosen for the quick shutdown? I agree with SIGINT but not with SIGTERM. A lot of unix tools send SIGTERM as default (kill, runit among some) and it seems to be the standard way of telling a process to quit gracefully but not among Ruby people (there are a few other ruby processes behaving the same way). I just think it''s weird

Can someone show me how to set up DUNDi, I will be using it to connect 14 asterisk servers internally. I don't want to use it on the external world. If anyone has any examples of connecting 2 or 3 (if their is a difference) machines in a DUNDi co-operation that would be helpful. Johnathan Falk Network Administrator Clinton Community Schools

I have a three interface network (net,loc,dmz). The internet interface (eth0) has a static IP. Windows machine in the local network (eth1) use DHCP to get IPs from the 192.168.10.0/24 netblock. The Debian machine in the DMZ (eth2) gets a fixed IP through DHCP in the 192.168.11.0/24 netblock. The DHCP server is running on the firewall machine (not ideal, I know, but that''s the way

Dear list, I am looking for some help with the format of extracted residual values output from: residuals (model1) [1] 0.74140534 0.72464895 0.74873373 0.78313611 0.78836470 0.76934676 0.77448847 0.78465077 0.79278282 [10] 0.80852056 0.81442047 0.80890838 0.78335232 0.83127343 0.85895985 0.85743700 0.83578769 0.82265972 [19] 0.81611939 0.84459841 0.84346431 0.83469399 0.86057807

Could someone help me understand this Basically I want to know the position of certain numbers in large output data sets. First consider the following simple example where we get the postions of ones (1) in the vector q. > q <- c(5,1,1,3,1,1,1,1) > q [1] 5 1 1 3 1 1 1 1 > for (i in 1:length(q)) if(q[i]==1) print(i) [1] 2 [1] 3 [1] 5 [1] 6 [1] 7 [1] 8 Well done! But now consider

I am trying to add a machine into my dmz. It is the first machine I''ve ever added to this dmz and fro some reason I cannot establish communication between the dmz and the machine. Here is an example of my setup: ISP router --> firewall (eth0) firewall (eth1) --> local network firewall (eth2) --> DMZ eth0 and eth2 have public IP addresses as does the machine I just added to

Hi, in a three interface firewall I have eth0, loc, 10.1.5.1/16 eth1, int, 200.41.61.228/29 eth2, dmz, 192.168.1.1/24 (un)fortunately I got a group of public ip?s to use, so here is my problem in the dmz I have 192.168.1.3 redirected from eth1 alias 200.41.61.226 (a web server, works perfect). I am trying to set up a mail server also, a different machine, so I can?t use proxyarp, as with this,