similar to: squid/dmz/5

Hi, I want forward port 21 and 443 to my squid. A simply rule (dnat) didnt help me. My http - port (only 80) will forwarded to my squid. It runs fine. Here I have used the HowTo from Tom and the hints from http://lartc.org/. I want to do the same with port 21 as port 80. My network: Shorewall: eth0 net (192.168.108.1) eth1 dmz (192.168.109.1) eth2 loc (192.168.110.1) eth3 loc1

Harry Lachanas wrote: > Finally got it .... > > Thank god that I''ve stepped over this link > > http://mailman.ds9a.nl/pipermail/lartc/2002q3/005039.html > > Which states the reason why the www packets were not routed corectly.. > > the ip rule syntax requires the fwmark parameter to be in hex NOT in decimal > > Dear Tom, > since I''ve

Hi Folks, XEN seems to me to be the ideal partner to create a complete DMZ with firewall, router, "Bastios Host(s)" etc within a single PC. So far, I haven''t found any cookbook or how to (at least for the beginning). Anyone knows of such thing? Regards Falko _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com

Hi list... I work for a school in the netherlands with a 2mbit Internet uplink and about 3800 eager student who want to play games on the Internet using one of our 800 workstations. Problem was that those game playing students are concentrated in 2 of our 6 physical locations... and they consumed the bandwidth which the other location would like to use for educational purposes. The thing we did

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I mean http://users.gurulink.com/drk/transproxy/TransparentProxy.html on "6. Transparent Proxy to a Remote Box." Thanks - -------- Original Message -------- Subject: Squid on remote Box Date: Wed, 16 Mar 2005 17:16:35 +0700 From: Royke K <royke4k@cbn.net.id> To: shorewall-users@lists.shorewall.net How do I configure port

Dear All, Linux Kernel 2.4.20-8 Running Shorewall 2.2.0 ip addr show 1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 brd 127.255.255.255 scope host lo 2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100 link/ether 00:48:54:53:82:45 brd ff:ff:ff:ff:ff:ff inet 62.68.254.178/28 brd

I have a three interface network (net,loc,dmz). The internet interface (eth0) has a static IP. Windows machine in the local network (eth1) use DHCP to get IPs from the 192.168.10.0/24 netblock. The Debian machine in the DMZ (eth2) gets a fixed IP through DHCP in the 192.168.11.0/24 netblock. The DHCP server is running on the firewall machine (not ideal, I know, but that''s the way

I am trying to add a machine into my dmz. It is the first machine I''ve ever added to this dmz and fro some reason I cannot establish communication between the dmz and the machine. Here is an example of my setup: ISP router --> firewall (eth0) firewall (eth1) --> local network firewall (eth2) --> DMZ eth0 and eth2 have public IP addresses as does the machine I just added to

Hi everyone, I have a question regarding the default gateway for hosts on DMZ zone. I moved servers from parallel to the DMZ (outside the firewall, directly connected to I-net) to inside DMZ. The default gw for these servers was the DSL router(bridge) of my ISP. What should be the default gw (for the hosts inside the DMZ), when hosts are inside the DMZ now - still the DSL router (external

That log message looks like someone (or some program) is trying to browse to moreover.com from your web server machine--it''s not a reply to an external request. You''d see messages like that if you were running some sort of HTTP proxy server (like Squid) on that box (although they''d likely be to multiple IPs, unless your users only browsed to p.moreover.com). It could

How would I use Big Brother with Shorewall and my loc and dmz zones to monitor hosts in both zones? If Big Brother''s server is on my LAN (loc) is it "safe" to forward the bb port from the dmz to the LAN? What would the security risks of this be? Common sense says that it may not be a good idea to forward stuff from the dmz to the LAN, but I''m inexperienced and unsure

Hi, in a three interface firewall I have eth0, loc, 10.1.5.1/16 eth1, int, 200.41.61.228/29 eth2, dmz, 192.168.1.1/24 (un)fortunately I got a group of public ip?s to use, so here is my problem in the dmz I have 192.168.1.3 redirected from eth1 alias 200.41.61.226 (a web server, works perfect). I am trying to set up a mail server also, a different machine, so I can?t use proxyarp, as with this,

Hello !! I ve just install shorewall-common and shorewall-shell I can''t defined a network using the CIDR format for my DMZ in /etc/shorewall/hosts fast eth2:172.17.0.0/16 epac eth2:172.18.0.0/16 fsa eth2:172.19.0.0/16 bu eth2:172.20.0.0/16 recto eth2:172.21.0.0/16 dmz eth1:81.91.225.224/27 I receive this error: ERROR: Invalid zone definition for

Hello all, Name is Andrew and in desperate need of some info. Setup: - Mandrake 9.1 with three interfaces (eth0 --> WAN) C-class /28 network (with tree virtual addresses which I am DNAT-ing to the DMZ) (eth1 --> LAN) A-class 10.0.0.0/8 (eth2 --> DMZ) A-class subnet 10.1.123.0/24 - Running stock Shorewall ver: shorewall-1.3.14-3.1.91mdk Dilemma: - LAN can not access the DMZ zone

From reading the documentation, I understand that it is recommended to put servers that may be at risk in a DMZ served via proxy-arp. In this case, the local clients that are behind a NAT would have their connections to the DMZ masqueraded, yes? Is there any way around this that would still be considered secure? Just looking for advice. Thanks, A.

My sincere apologies to all on this list. After looking for returning packets with tcpdump and not finding ANY I called our provider to confirm our IP assignment. The IP range that I was given by my boss was incorrect. After adjusting the ip assignments, everything is working perfectly. Thank you all for your time in troubleshooting this, and I hope to be able to return the favor at some

Tom, I have used Shorewall now for 4-5 weeks and I''m really impresssed by the power and flexibility of the package. I''m running Two-Interface Firewall with a MASQ''ed Shorewall (on SUSE 8.0) to protect my LAN (5 WIN XP''s and a WIN2K Server acting as PDC). The Shorewall Linux box has two NIC''s (eth0 to Internet and eth1 to my LAN Switch) and is also

hello there, im running a 3interface inet, dmz, loc. i have some public ip addresses. one public address is the router of the provider, the second one is the linux box running shorewall. all other public interfaces are on the dmz nic with proxy-arp. now whenever i do a traceroute (the dmz boxes are windows, icmp traceroute) the very first hop gets timeout/stars, then the router of the provider

There is such a wealth of knowledge and personal experience on this list that I'd like to get your opinions on our current situation. Currently, we have a simple tri-homed firewall with the internal network on one interface, the dmz on another, and the dirty internet on the last. Also, there is a spare interface on the box which is unused. We use CentOS and manually maintain our rule sets