similar to: a way to prevent LAN from reaching a list of IP/FQDN

I have a DMZ (eth2: 10.0.100.0) and a LOC1 (eth0: 10.0.0.0) defined on my firewall. On one of the port on the switch serving LOC1 I have now a router and a switch feeding a bunch of computers with net=10.0.200.0. While I have defined a route to reach LOC2, I would like to define also a specific zone in order to assign different rules to it. Is it possible ? if yes, what is the syntax of the

Is there a way to state that a REJECT rule, for instance, applies to all IP addresses belonging to the <domain.xyz> domain? Costantino

Having moved from a "cascading LANs" configuration to two independent LANs on eth0 and eth1, I still get some "state INVALID" for which I am not sure what the cause is. Can somebody help me understand its probable origin? Thanks, Costantino [see attachment]

Dear friends, this time I have a problem with using waba function. Firstly, I'll explain you my situation. In the survey a gruop of supervisors judge the dipendents of a company. One supervisor reported on more than one subordinate. Thus, I need to show that lack of independence is not a problem, and a reviewer told me to use WABA. The question is, how? In which way i can build my X and Y?

i am looking at using btrfs for a new project and i have a few questions:     * i have heard that as it currently stands Btrfs has some issues to be used as a Lustre file system; is he aware of the issues and any plans to address these and integrate Btrfs in to Lustre     * any plans to support native clustering on Btrfs     * on ZFS the ZIL is a separate device, any plans to implement a the

Dear users, i'm using the sem package in R, because i need to improve a confermative factor analisys. I have so many questions in my survey, and i suppose, for example, that Question 1 (Q1) Q2 and Q3 explain the same thing (factor F1), Q4,Q5 and Q6 explain F2 and Q7 and Q8 explain F3... For check that what i supposed is true, i run this code to see if the values of loadings are big or not.

Hi all, I hope someone can help me with this please. One of our clients has an in-house Postfix mailserver which basically downloads mail for the individual users from our mail server hosted on the web using fetchmail. They use our SMTP server to send mail. Their email clients are then setup to get & send mail from the server, on 192.168.2.254 (for POP3 & SMTP). All mail between them

Hi all, does it work to define iptables rules with a fqdn as destination instead of an IP address? Or is it useful to resolve the name first using e.g. nslookup, writing the result to a variable which is then used within the -d statement? Best Regards Marcus

Hi, I've a question about a FQDN VS Shorewall configuration: I'd like to install a firewall that should forward the web requests to different web servers (iis, apache, and so on...); all web sites are registered with the same ip to internic (eg. www.example1.com-->151.99.234.3-->apache-server, www.example2.com-- >151.99.234.3-->iis-server, etc...) so I'm wondering if I

Hi! I'm running FreeNAS 0.7RC1 with Samba 3.0.34. It's joined to my windows AD, and I can see all users, and etc. My XP clients don't have any issues connecting using either FQDN or IP, while my vista clients suffer from the problem that if I try to connect to the NAS by entering the following address: "\\nas01.domain.com", it keeps asking me for username and password, no

Hi, I have an interesting issue. I?m running a redhat 9 box with samba 3.0.7, and Kerberos 1.3.1. I?ve joined the machine to the AD2k3 domain, and all the informational commands respond as expected, getent's, wbinfo ?g ?t, and net ads*** and also 'smbclient -k //otherdomainserver/share' works as it should from the server's terminal. when connecting to the server with a windows

I have a Debian woody running Samba 3.0.2a in ads security mode as member of a Windows 2003 Active Directory, I run winbind+pam, wbinfo e net ads testjoin, its all working fine. >From any workstation, or even from the W2003 domain controller itself, I can?t access the samba server as \\linuxnetbiosname <file:///\\linuxnetbiosname> , as \\machine_ip_address

Hello all, a private ip 192.168.x.x win32 box will not connect with psftp (win32 sftp client) to an external public ip ssh/sftp server. but i can connect with console sftp client on my shorewall/unix box to that sftp/ssh server without any problems. i can also use putty (win32 ssh client) from the internal box. now i thought, sftp is also using the ssh port, and netstat on my firewall tells me

I am running shorewall 1.4.8-1 on my firewall. I am also running poptop on this firewall for remote VPN clients to connect to our local network. I would like to set some options in pppd, so that after 2 failed user/pass attempts are tried, the IP address is blacklisted, and an email is sent to the admin of this IP address that has been blacklisted. I know this may be more of a ppp question than

Hi, I've tried to use SIPSAK to understand the troubles i'm having about sending my voice to the person I've called (extension), after doing this tests below I always got this error "error: this FQDN or IP is not valid: voicegw". This could cause problems (namely audio problems)? Best regards, Helder voicegw:~# sipsak -C empty -a password -s

Hello there, I can modify /etc/shorewall/tcdevices to control overall IN-BANDWITH. It is quite effective. Just change 2mbit to 128kbit. However, how do I limit download speed for a certain host IP on the LAN? I want to limit host 192.168.1.140 download speed to 128Kbit. Other hosts on the 192.168.1.0 LAN can still surf at 2mbit. Any input welcome. Kind Regards, Michael

I''m using shorewall 2.0.x at home as an Internet gateway for family. However my brother always plays online games overnight, so my parents asked whether I can do something on the gateway to control the time of accessing the Internet. I planned to put a script on crontab to schedule which it will execute say at 12:00 night daily, the script will execute a command will deny my brother

I''ve found the below rule, is it possible to use it with shorewall? I see how to setup the timing/rates but how to perform loggin of such action (a separate rule?). as an additional question is i possible to dynamically add hosts to blacklist and persist this between restarts? " SSH -A PREROUTING -m tcp -p tcp -d $EXTERNAL --dport 22 -m recent --rcheck --hitcount 3 --seconds 600 -j

Hi all, I have a strange goal..... the setup: two sites ("a" and "b") both with linux machines running shorewall. a machine at site ''a'' needs to connect to services on a machine at site ''b''. both sites have dsl with dynamicaly assigned ip addresses. site ''b''s ip can be resolved from siteb.dynamic.dns.com (one of

Hello, I am testing Puppet and I would like to use it without having to add a DNS entry. Is there a way around this, or am I required to rely on DNS? More specifically, the reason I ask is I am getting the following error when trying to invoke puppet --mkusers: # puppet master --mkusers warning: Could not retrieve fact fqdn Could not parse for environment production: Could not find file /root/