similar to: odd problem with proxyarp and DNAT

Hi, I am trying to redirect my subnet thru squid and it seems to be working. However I decided tu exclude two hosts from the redirect (ie acces the net directly) and can''t manage to achieve that. I am using the following rule: REDIRECT loc:!192.168.13.48,!192.168.13.200 3128 tcp 80 - With this rule everything gets redirected thru squid. I also tried:

Hi, I have shorewall 2.0.8 installed on a linux box. Recently I moved to a setup with a front/back firewall With shorewall acting as a front firewall and M$ ISA Server 2004 acting as a back firewall. I turned all ''intrusion alerts'' On at the ISA server expecting not to get any since shorewall should block everything. Now to the problem: I am getting quite a few alerts

Hi, I wrote a mail a few days ago concerning my setup with a front/back firewall, shorewall being front and ISA server 2004 acting as back firewall. I said that ISA server is logging some "intrusion attempts" namely requests coming from external interface to the internal network. As this shouldn''t happen (all intrusion attempts should be stopped by shorewall) I begun to

Good point Stijn, I am sorry to post without subject and such it must be the early morning. The relevant entries in my rules file: ACCEPT net fw tcp 25 ACCEPT net fw tcp 80 ACCEPT net fw tcp 22 ACCEPT net fw tcp 21 ACCEPT net fw udp 21 REJECT loc

Ok this is admittedly OT, but when you want network advice you go to where network gurus hang... When popping mail from my primary mail server (Linux) from my linux laptop a simple mail check takes 15 seconds to connect when using a wireless nic (802.11g) and 1 second using the hardwired nic. Popping my backup mailserver (also linux) which is sitting RIGHT BESIDE the primary takes one second

Hi- One last question for the week, I promise. I''ve got one IP ProxyArp''d according to the instructions at http://www.shorewall.net/ProxyARP.htm. I''ve setup the shorewall/proxyarp file as follows: #ADDRESS INTERFACE EXTERNAL HAVEROUTE PERSISTENT 208.4.145.73 br0 eth1 no yes #LAST LINE -- ADD YOUR ENTRIES

Hi Folks, Can i account proxyarped pc´s ?? Like know how much web traffic passthru a specific person ip using shorewall ? So i can know how much bandwidth that specific IP EAT ? Thanks alot Carlos Arnt ------------------------------------------------------- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward

Hi, In a routed network setup , is it possible to use ProxyARP given the condition that the shorewall external interface and the DMZ interface are in a completely different network . That means the gateway of the External interface and the hosts in ProxyARPed DMZ zones are in different network. eth0 ---in 220.227.X.Y/30 -- shorewall external interface eth1 ---in 220.227.A.B/27 -- shorewall

Tom, Is not this query worth answering? -Siva -----Original Message----- From: Sivamurugu K. Pillai Sent: Friday, April 08, 2005 3:14 PM To: ''Mailing List for Shorewall Users'' Subject: ProxyARP in a Routed environment Hi, In a routed network setup , is it possible to use ProxyARP given the condition that the shorewall external interface and the DMZ interface are in a

Would it be considered normal that a system behind a shorewall box that was setup for proxyarp and able to be reached from the trusted side of the net just fine on the proxyapr ip address would if it were to talk out to the world show as traffic not from the proxyarp address but the firewall''s own address or the masquerading ip used by other zones? We had not really noticed this as an

shorewall-users hi,ALL I have a firewall have three interface, one NIC is internal (eth0), second NIC is SSN(eth2), and other NIC is external(eth1), on internal network have 10.0.1.59 and gw 10.0.1.163 eth0: 192.168.1.254/24 eth1: 10.0.1.55/24 gw 10.0.1.163 I use shorewall''s proxyarp 10.0.1.59 eth1 eth0 no no that is OK. I saw /usr/share/shorewall/firewall, I

Hi , I have a dude. I have four nic. Lan, wan, dmz1 and dmz2. I use proxy arp for dmz1 and work great. But in dmz2 have 2 machine with heartbeat. IP are type 192.168.x.x If use nat work fine from wan to dmz2, but from lan ?? how to access valid ip ?? Sorry for my bad english :)

I forgot to include my masq file. It''s pretty straightforward: eth2 eth0 eth2 eth1 Cheers, Brian

My ISP has DHCP-assigned IP-addresses. I wonder if someone has tried using proxyarp for a DMZ with DHCP-assigned public IP?

Our VPN runs for 3 months very well with a minimum of traffic <100 kbit/s. Only DNS Zones and nagios passive checks were transferred. Everything seems to work. Left side is x.x.x.14 (host 1) Subnet 10.0.0.0/24 openswan 2.4.4 shorewall 2.4.2 & iptables 1.3.4 gentoo 2.6.12-r9 with policy match It´s reachable through a proxyarp entry on x.x.x.11 (host 2) which is another gentoo 2.6.12-r9

Hola a todos, perdonar que escriba en español pero no tengo traductor a mano.. intento configurar shorewall siguiendo esta guía: http://www.montanalinux.org/proxmox-ve-with-shorewall.html pero me dice esto con el shorewall check: Checking /etc/shorewall/interfaces... ERROR: Unknown zone (dmz) : /etc/shorewall/interfaces (line 16) ¿cómo puedo definirla en el archivo de zonas? gracias y perdonar

Hello All, I am using shorewall 2.0.7. first i give you my config here and will tell you my problem. ProxyARP: 203.77.204.85 eth1 eth0 no Interface: net eth0 203.77.204.87 loc eth1 192.168.0.255 routeback Masq : eth0 192.168.0.0/24 203.77.204.86 Rules: # Squid access REDIRECT loc 8080 tcp

I am trying to implement the following structure in OpenLDAP for a backend to Samba 3: / ou=People /ou=Internal-----<- ou=Groups dc=btd,dc=com ---< \ ou=Computers \ou=External I have been able to authenticate users but they are only able to access shares based on their primary group. I am wondering if

I´ve figured out the following. I am able to sftp from shorewall 2.4.2 left vpn gateway x.x.x.14 (DMZ) to shorewall 2.4.1 fw x.x.x.11 with /etc/shorewall/proxyarp x.x.x.14 eth2 eth0 No very well. That´s not through a tunnel (of course a ssh tunnel, but no vpn) but with public ip x.x.x.14 to x.x.x.11 If I try to sftp through the fw to the public internet I have the same

Hello all, I have a question in regards to proxyarp and shorewall, I am new to shorewall and I have 5 static IP address from my ISP. My current setup is that I have one system with three network cards, (eth0 = xx.xx.xx.42, eth1 = 192.168.110.41 eth2 = 10.10.10.41), two systems with two network cards, (eth0 = xx.xx.xx.41 and eth1 = 10.10.10.42/44), I want to get rid of the eth1 of the two systems