similar to: Problems with Port Forwarding

Hi everyone, Sorry for asking OT here, but I need your expertise :-) I am running a standard 3 I/F net, dmz, loc Shorewall 1.4.7 on a RH 9 server In the DMZ I have a web shop running with DNAT from the external address to the DMZ - this all works I want to add a develop server in the DMZ with external access so I set this up as per the live server and from internal network it works, but from

Hello shorewall-users, we have a strange problem where some of our customers cannot access our webshop, but most of the customers can. I have been slowly eliminating possibilities and am now left with either the firewall (Shorewall 1.4) or the webshop server. What appears a lot in the logfiles is: Jul 26 11:51:04 gw kernel: Shorewall:logdrop:DROP:IN=eth0 OUT=eth1 SRC=84.128.198.240

I am faced with a network that needs to autoswitch to isdn should T-1 go down. After a shorewall search it looks to be quite a deal with routing config with linux. Like scripts written to deal with knowing the T-1 is down. I looked into a cisco router that does this. around $3000 This network has used shorewall as the gateway for 4 years now. Currently Fedora as op. system. It appears to me

Shorewall 2.2.0 is expected to be released in the February/March timeframe so it is now time to begin thinking about preparing to upgrade. This is particularly important for those of you still running Shorewall 1.4 since support for that version will end with the release of 2.2. For those of you still running Shorewall 1.4, here are some things that you can do ahead of time to ease the upgrade to

Hi I am looking at converting a Linux terminal server box to iptables using Shorewall 2.0. (At the moment it uses ipchains). The server currently has scripts which are called as each user logs in which run a series of "ipchains" commands to set the access rights for that user (and again to cancel them when the user logs out). My plan is to replace these scripts with ones that call

Hello shorewall-users, now that I''ve got v1.4 problems solved I''d just like to ask a general question. Are there any real benefits to upgrading if v1.4 does what I want ? I''m not a fan of bleeding-edge in production and I don''t go for "v2 must be better than v1 because it''s newer" Tom, if you have a few minutes, what''s new in 2.0

Hello all, I''m setting up (for the first time) IPsec and have a question I need to allow another location access to a specific server in our local network, and deny access to all other servers I have followed Tom''s IPsec tunnel guide and setup a vpn zone, but I don''t want to allow all traffic in both directions so I haven''t added a general policy for vpn.

Hi, Sorry, not an experienced shorewall user, this is my first basic setup. This starts to drive me crazy. I wanted to use DNAT to forward port 33890 to an internal machine (windows) port 3389. To reach my workstation when I''m not home. In my rules : DNAT:debug net loc:192.168.0.11:3389 tcp 33890 - pub.lic.ip.add #SECTION BLACKLIST #well known port scans DROP net

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, Shorewall-3.0.3 RH9 (+legacy updates) eth0: loc: 192.168.1.0/24 eth0:0: loc: 192.168.20.0/24 eth1:: 69.70.32.8/29 I''m worked all day on an issue I found today and I just can''t find a way to fix my problem. So, basically, for now, my network looks like this: Internet ^ | (69.70.32.8/29) Firewall 192.168.1.1

Hi! I want to forward the port 3389 from the domU to the virtual server with ip address 192.168.122.77 with not success... I tried a lot of iptables rules with no luck so far. Is this possible? I take a look at other post and I don''t found an answer. By example: /sbin/iptables -t nat -A PREROUTING -p tcp -i xenbr0 --dport 3389 -j DNAT --to 192.168.122.77:3389 the virtual nic for the

Greetings all, I''m a bit of a linux rookie, but a friend and I have built a firewall running Shorewall 1.4.6c over a minimal install of Redhat 9. Out network setup looks something like this: Cable Modem : eth0 :12.xxx.xxx.3 (Zone is named INSIGHT) Campus Lan : eth1 : 10.176.9.21 (Zone is named MULAN) DMZ : eth2 : 192.168.1.0 255.255.255.0 (Zone is named DMZ) Currently, I

I apologize before hand for my newbie question, but I have done the research and I still cant find a solution. Shoreline 1.4.8 Problem: Firewall isent allowing me to port forward to server Port Open = 3389 (RDP) Line added for Port Forwarding:DNAT net loc:192.168.42.5 tcp 3389 Error Produced: Mar 11 06:37:40 net2allROP:IN=ppp0 OUT=eth1 SRC=64.x.x.xxx DST=192.168.42.2 LEN=48 TOS=0x00

1 small question i have 4 network cards on my firewall eth0 inet eth1 internel network eth2 customer network eth3 freeswan vpn is there a way that i can connect the eth2 and eth1 network together so that i can access the servers off eth1 from eth2? Marshal McInnis Tech / Web Designs 1-205-344-4455 Ext 208

Hi, I have 2 internet nic''s with differents ISPs. eth0 = isp1 eth3 = isp2 My internal network is eth1 # /etc/interfaces net eth0 detect routefilter,norfc1918,blacklist net eth3 detect routefilter,norfc1918,blacklist loc eth1 detect # /etc/policy loc net ACCEPT net net DROP

Hi, I know these are a few iptbales questions. NOT CentOS, anyway, I am running a firewall on centos 5.x. If you can response, it would be fine. I want to add a SNAT rule for one user in LAN to access one particular destination on the internet. Let's say www.centos.org I added the below rule. But . it does NOT work Pls assume 1.2.3.4 is the real ip of the firewall. ip address

I''m trying to setup some DNAT and the packets seem to be disappearing after the PREROUTING step. The packets are coming in eth2 (both LOG targets in iptables and tcpdump confirm this). They are then DNATed to an IP that should cause them to go out eth3. However I never see them go out that interface. I have tried putting LOG rules into the FORWARD chain with no success. I''m

I have a problem. When I mount my CD (witch is on WIN97 machine) using smbmount I do not see all files in all dirs. If dir have more then, let say, 100 files (it is not the same every time), I do not see all files. This is a problem because on my Linux box I do not have CD-ROM, so if I have to install some packages I first have to copy rpm files on disk, and then install them witch is annoying.

Hi, I have an R script (transferred from SPLUS) and would like to compile a standalone EXE (or DLL) for WINNT. Would somebody know how this works or how it could be done ? Thanks so much for any hints and suggestions; best regards F. Falk Huettmann Geography Dept.-Earth Science- 2500 University Drive N.W. University of Calgary Calgary AB, T2N 1N4 CANADA Email: falk at ucalgary.ca Tel. 403

Does anyone have any experience using a PRI gateway, I am looking for a way to have multiple asterisk boxes use one PRI, and send that over the network. I herd there are copper gateway devices (like a X100P card, only it registers with asterisk using sip, and it doesn't have to be physically connected to the box) Does anyone have any experience with a PRI gateway? And could tell me the cost

Ein eingebundener Text mit undefiniertem Zeichensatz wurde abgetrennt. Name: nicht verf?gbar URL: https://stat.ethz.ch/pipermail/r-help/attachments/20070812/6da70dc8/attachment.pl