Displaying 20 results from an estimated 200 matches similar to: "(no subject)"
2004 Oct 09
2
odd problem with proxyarp and DNAT
I have some hosts in a DMZ zone with proxyarp. In my local zone I have a host to which I DNAT.
I have discovered that I can reach the host in the local zone by attempting to connect to the fw (As expected) or ANY proxyarped host in my dmz zone (as not expected). Is this normal ?
(I've just discovered that actually the dnated host answers to requests sent to any IP routed to my host!)
2005 Feb 22
6
selective redirect
Hi,
I am trying to redirect my subnet thru squid and it seems to be working.
However I decided to exclude two hosts from the redirect (ie access the
net directly) and can't manage to achieve that. I am using the following
rule:
REDIRECT loc:!192.168.13.48,!192.168.13.200 3128
tcp 80 -
With this rule everything gets redirected thru squid. I also tried:
2004 Oct 08
0
RE: (scan behind firewall)
Good point Stijn, I am sorry to post without subject and such
it must be the early morning.
The relevant entries in my rules file:
ACCEPT net fw tcp 25
ACCEPT net fw tcp 80
ACCEPT net fw tcp 22
ACCEPT net fw tcp 21
ACCEPT net fw udp 21
REJECT loc
2004 Oct 13
1
follow-up on ISA intrusion detection
Hi, I wrote a mail a few days ago concerning my setup with a front/back
firewall, shorewall being front and ISA server 2004 acting as back
firewall.
I said that ISA server is logging some "intrusion attempts" namely
requests coming from external interface to the internal network.
As this shouldn't happen (all intrusion attempts should be stopped by
shorewall) I began to
2005 May 06
3
OT: Why slow mail-check on wireless?
Ok this is admittedly OT, but when you want network advice you go to
where network gurus hang...
When popping mail from my primary mail server (Linux) from my linux
laptop a simple mail check takes 15 seconds to connect when using
a wireless nic (802.11g) and 1 second using the hardwired nic.
Popping my backup mailserver (also linux) which is sitting RIGHT BESIDE
the primary takes one second
2005 Mar 01
11
Can't connect to Modem
Shorewall version 2.2.1
2 Interface setup.
eth1: 10.10.1.3
eth0: 192.168.1.2
modem is 192.168.1.1
I need to be able to connect to my adsl modem, but when shorewall is up I
get connection rejected.
I have added "192.168.1.1 RETURN" above the line "192.168.0.0/16 logdrop #
RFC 1918" in "/etc/shorewall/rfc1918" but still getting connection
rejected
Is there
2005 Jul 10
2
SMS Handler in Asterisk
Hello all,
Recently I migrated all telephony in my house to asterisk thanks to the
Asterisk, QuadBRI which works wonderfully well. Some small tweaks to
make but that's on the long list.
On the short list is the ability to reliably send and receive SMS.
For SMS I already built a script email2sms, but sometimes the SMS
doesn't get sent for some reason, the sms log then reports something
2005 Mar 10
7
norfc1918 not working in SW 2.2.1?
Hello all,
Yesterday I noticed that my system was "leaking" traffic towards the
10/8 network, I have shorewall installed on multiple machines ranging
from single interface devices to ones with 10+ interfaces. I tested all
the boxes and they are showing the same behavior.
All systems are CentOS 3.4, 2.4.21-27.0.2.ELsmp.
Shorewall version: 2.2.1
For the host mentioned is a single
2004 Nov 18
3
Internet fail over
Bit of a shorewall newbie so if the answer is obvious please be gentle.
We have been using version 1.4.2 for a while now and are very happy with
how it performs, however we are looking to increase the resilience of
our internet connection by providing a second internet feed. The idea
being that should the primary connection fail shorewall will
transparently (as far as users are concerned) switch
2005 Jan 09
22
Dmz
Hello Tom,
I am not sure if you can help with this but I am at my wits end.
If you hit this site and do a force refresh (ctrl + F5) the site will time
out
and lose connections.
Do the same on port 443 and it does not time out???
The web site I am referring to is www.tituswill.com
I think the only problem is port 80.
Do you have any idea how to diagnose this I have sent a dump
of just
2005 Aug 25
1
Caller ID ?
Most of the time I can find answers to my questions on the wiki, google,
or searching the list; now I am stuck.
I have a small * box at my house running 1.0.9 stable and a devlite
kit. Every thing is awesome VM, IVR, Echo canceling, and Meetme are all
working great.
But on incoming caller id I need to add a 9 as a prefix to make it
easier to return call from my cordless phone (cheap vtech
2005 Mar 11
2
Having a very restricted access policy
Hi there,
I'm not sure if I can do this with shorewall, but any points on the
right direction would be of great help...
I need to have a LAN with access only enabled to certain set of
computers. I was planning on having the dhcp server just give IPs to
certain MAC addresses, but if a smart guy configures his computer
manually with a valid IP for the LAN he can get access to the LAN
2005 Jun 30
4
Two nics connected to one switch
We have a webserver that is connected to three different networks. Due
to our cabling, we have to run two of those networks over the same
physical network.
When connecting from OS X and Windows we are occasionally blocked
because the client is sending to the wrong interface. Linux clients
seem to have no problem at all.
I have read the docs and understand that the problems exists because of
2005 Jun 20
3
QuadBRI: How to set the outgoing callerid (KPN - NL)
Hello all,
Recently I purchased an QuadBRI card from junghanns.net after some
playing around, reconfiguring dialplans etc with the exception of 1
thing everything seems to work:
I seem to be unable to set the outbound callerid. The dutch telecom
operator (KPN) provided me with 4 MSN's on 1 BRI interface. In the past
years I'm more than used to setting the MSN without the leading 0, this
2004 Oct 18
11
how can i log everything?
hi,
it'd be very useful to add some kind of "log everything" option to
shorewall. currently the logging is useful if you know what you would
like to log. but if you don't know then it's a problem...
another problem that currently it's not possible to log the nat table.
at least i can't find any way (can't add logging into masq and
2004 Dec 08
20
User sets or anything similar?
Hello
I got about 20 different people using 20 different PCs in my Lan. Five
of them should have unrestricted access to the internet any time of the
day. Yet the rest of them should only have access at certain timeframes
during the day. Two of them should have no access at all.
I am well experienced in writing rules (for the rules file) that make
all this possible, yet i was
2005 Jun 10
14
Multiple subnets
Hi all,
I have a client that has 4 subnets within his building, internet,
office, business center and wireless. My plan is to use Shorewall but I
have never tested it with more than 2 interfaces. Is this possible?
Would there be any issues that might arise. Each subnet would have
access to the internet but there will be no communications allowed
between the others.
Thanks in advance....
2005 Mar 03
1
Shorewall Show Arp address speeds..
Hi Folks,
Is there any way to show my arp's used speeds?
I have a class 24 and I'm using shorewall with arp to bypass them,
is there any kind of program or even way to show my arp's Kbps??
Like this :
Example : IP 200.200.100.100 - Speed used 20 Kbps
etc etc
I just need to know how much every arped (I think that's the right term) IP address takes out from my total bandwidth.
Thanks
2012 Jul 03
3
size of netinst iso
Hi.
I was wanting to set up a centos 6 virtual machine using the netinst iso
image. I've done this for Centos 5 before but I was surprised to see
that the size of the netinst iso had gone from +/- 10Mb to 227Mb. I was
therefore wondering if I had the right file? If so, why did it get 22x
bigger than the previous version?
Regards,
Johan
2004 Dec 10
2
Shorewall and IPSEC
I setup some IPSEC between 2 networks. From 1 network I can ping the other
networks local connection but not anything beyond that.
Network A - 10.0.1.1 (loc) 23.23.23.23 (net)
Network B - 10.0.2.1 (loc) 44.44.44.44 (net)
I'm on local machine 10.0.1.10 on network A, I can ping 10.0.2.1 but I
cannot ping a machine on that network ex. 10.0.2.200.
I was thinking it probably has to do