similar to: Maximum ProxyArp

If I''m using proxyarp and I try to ping that host from a machine in the net(untrusted) zone should I get a reply from the firewall address saying Destination host unreachable? I would like it to just time out. Jamie

You are awesome!!!! -----Original Message----- From: shorewall-users-bounces@lists.shorewall.net [mailto:shorewall-users-bounces@lists.shorewall.net] On Behalf Of Tom Eastep Sent: Wednesday, March 30, 2005 9:11 AM To: Mailing List for Shorewall Users Subject: Re: [Shorewall-users] Shorewall and an inline IDS (snort-inlineorhogwash) Tom Eastep wrote: > Thibodeau, Jamie L. wrote: >

I have a quick question regarding accounting rules. This is the contents of my accounting file. *for reference eth1 is my net interface eth0 is my loc interface ezp:COUNT - eth1 129.15.70.46 tcp 80 ezp:COUNT - 129.15.70.46 eth1 tcp - 80 smag:COUNT - eth1 129.15.70.24 tcp 80 smag:COUNT - 129.15.70.24 eth1 tcp - 80

Hi Tom,  I´m very glad using Shorewall I proud to say that use it in my whole network (215 Real IP´s over ProxyArp) I can filter everyone have mac-control of then etc etc. Well I´m like a child playing with it :) But now, have a question there is any way to filter or use an Anti-virus in this network ? To drop packets with virus ?? To scan HTTP request ?? Or maybe use Dansguardian ? Did you

Has anyone successfully setup a shorewall Ucarp solution?

Clients: Some sites just show the top area not the full page. Some sites cant be reached at all. I think it 90% may be the MTU/MSS problem. But I already have set the shorewall.conf CLAMPMSS=1400 or CLAMPMSS=Yes, but it doest make things good. I would be mad. Anybody helps me would so appreciated! If you want know more info. to diag my problem, I would be please to.

Hello Shorewall gurus, I have a dilemma with a public server. I want to migrate the current public server over to a new machine behind the current server''s firewall (shorewall 1.4). I have included a diagram below to help explain the target network I am working toward. I have read the shorewall online documentation and though I have used Shorewall the past 4 years in the current

My ISP has DHCP-assigned IP-addresses. I wonder if someone has tried using proxyarp for a DMZ with DHCP-assigned public IP?

Hi, In a routed network setup , is it possible to use ProxyARP given the condition that the shorewall external interface and the DMZ interface are in a completely different network . That means the gateway of the External interface and the hosts in ProxyARPed DMZ zones are in different network. eth0 ---in 220.227.X.Y/30 -- shorewall external interface eth1 ---in 220.227.A.B/27 -- shorewall

Hi everybody. I''m trying to configure shorewall folowing this manual: http://www.montanalinux.org/proxmox-ve-with-shorewall.html But with shorewall check it tells me thah: Checking /etc/shorewall/interfaces... ERROR: Unknown zone (dmz) : /etc/shorewall/interfaces (line 16) How can I define it in the zone file? thanks for the help. best regards, Santiago.

I am not a member of the mailing list. Shorewall version 2.0.9 ip addr show 1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 brd 127.255.255.255 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 4: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000

I made an atempt to run snort_inline and shorewall on the same system but I could not get snort to see the packets. Maybe someone with a little more iptables knowledge could tell me what I''m doing wrong or if its possible to have the systems setup so that it places packets that the firewall would allow into QUEUE. After setting up and starting shorewall I then issue the following

Hi As per my follow up mail I implemented the ProxyArp configuration as per the Documentation on the Web site and all seemed to be working correctly. However, the one thing that doesn''t seem to be working properly is Samba. I have Samba running on the FW machine and one of the servers 192.168.0.8 on the Local Lan. I can connect to a Share using Samba from Server to Server, however

I have some hosts in a DMZ zone with proxyarp. In my local zone I have a host to which I DNAT. I have discovered that I can reach the host in the local zone by attempting to connect to the fw (As expected) or ANY proxyarped host in my dmz zone (as not expected). Is this normal ? (I''ve just discovered that actually the dnated host answers to requests sent to any IP routed to my host!)

Hi Folks, Can i account proxyarped pc´s ?? Like know how much web traffic passthru a specific person ip using shorewall ? So i can know how much bandwidth that specific IP EAT ? Thanks alot Carlos Arnt ------------------------------------------------------- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward

I''ve got a serious mess of NAT on our firewall/router systems at the corporate office which seems to do nothing other than confuse the heck out of people. What I''d like to do is gradually migrate the hosts on the various DMZ networks away from private IP addresses and NAT over to public IP addresses and proxyarp. What I''m wondering, before I start this, is how do I

Would it be considered normal that a system behind a shorewall box that was setup for proxyarp and able to be reached from the trusted side of the net just fine on the proxyapr ip address would if it were to talk out to the world show as traffic not from the proxyarp address but the firewall''s own address or the masquerading ip used by other zones? We had not really noticed this as an

Hi- One last question for the week, I promise. I''ve got one IP ProxyArp''d according to the instructions at http://www.shorewall.net/ProxyARP.htm. I''ve setup the shorewall/proxyarp file as follows: #ADDRESS INTERFACE EXTERNAL HAVEROUTE PERSISTENT 208.4.145.73 br0 eth1 no yes #LAST LINE -- ADD YOUR ENTRIES

Plus I would like to let you know that it works like a charm. Snort can now see those packets. -----Original Message----- From: shorewall-users-bounces@lists.shorewall.net [mailto:shorewall-users-bounces@lists.shorewall.net] On Behalf Of Thibodeau, Jamie L. Sent: Wednesday, March 30, 2005 9:25 AM To: Mailing List for Shorewall Users Subject: RE: [Shorewall-users] Shorewall and an inline

I have started looking at implementing shorewall as a bridge and had a few minor questions. First off if I want to define hosts in the hosts file would it be #ZONE HOST(S) OPTIONS Trust br0:eth0:xxx.xxx.xxx.xx net br0:eth0 loc br0:eth1 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS LINE -- DO NOT REMOVE Or like #ZONE HOST(S)