similar to: RE: Is ProxyARP or NAT entries really neccesary forDNAT to work?

I have been trying to get DNAT to work and I actually have succeeded too, however, not how I thought it would work when reading through the documentation. 1. No matter what I do I cannot get DNAT to work unless I have an entry in eiter the nat or the proxyarp file. Is that really how it''s supposed to be? I can''t find anything about it in the documentation. 2. Also, in the

So I am trying to get a firewall up at work using Shorewall 2.2 / Mandrake RC 1, where we have multi-ips assigned to a single machine.... Now at one point I had Shorewall and Mandrake configured and it was working... this was our setup essentially (I''ll use 192.0.0.x as out external IP addresses) In ifconfig: eth0 192.0.0.202 nmask 255.255.255.248 eth0:1 192.0.0.203 nmask

>What does that mean? In the Mandrake control center, the options for DNS Servers get wiped out... I think this is just a Mandrake issues. Was just the one issue that got me convincedto switch to Fedora >Groan Yes, I''ve groaned much since =( >Exact error messages are helpful -- vague references to "...or >something..." are not helpful. Sorry about that..

Hello Shorewall gurus, I have a dilemma with a public server. I want to migrate the current public server over to a new machine behind the current server''s firewall (shorewall 1.4). I have included a diagram below to help explain the target network I am working toward. I have read the shorewall online documentation and though I have used Shorewall the past 4 years in the current

Hi , I have a dude. I have four nic. Lan, wan, dmz1 and dmz2. I use proxy arp for dmz1 and work great. But in dmz2 have 2 machine with heartbeat. IP are type 192.168.x.x If use nat work fine from wan to dmz2, but from lan ?? how to access valid ip ?? Sorry for my bad english :)

Does anyone know what a good maximum number of machines I should place in the ProxyArp list? Thanks Jamie

My ISP has DHCP-assigned IP-addresses. I wonder if someone has tried using proxyarp for a DMZ with DHCP-assigned public IP?

Hi everybody. I''m trying to configure shorewall folowing this manual: http://www.montanalinux.org/proxmox-ve-with-shorewall.html But with shorewall check it tells me thah: Checking /etc/shorewall/interfaces... ERROR: Unknown zone (dmz) : /etc/shorewall/interfaces (line 16) How can I define it in the zone file? thanks for the help. best regards, Santiago.

Hi As per my follow up mail I implemented the ProxyArp configuration as per the Documentation on the Web site and all seemed to be working correctly. However, the one thing that doesn''t seem to be working properly is Samba. I have Samba running on the FW machine and one of the servers 192.168.0.8 on the Local Lan. I can connect to a Share using Samba from Server to Server, however

Hi Folks, Can i account proxyarped pc´s ?? Like know how much web traffic passthru a specific person ip using shorewall ? So i can know how much bandwidth that specific IP EAT ? Thanks alot Carlos Arnt ------------------------------------------------------- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward

Hi, In a routed network setup , is it possible to use ProxyARP given the condition that the shorewall external interface and the DMZ interface are in a completely different network . That means the gateway of the External interface and the hosts in ProxyARPed DMZ zones are in different network. eth0 ---in 220.227.X.Y/30 -- shorewall external interface eth1 ---in 220.227.A.B/27 -- shorewall

I''ve got a serious mess of NAT on our firewall/router systems at the corporate office which seems to do nothing other than confuse the heck out of people. What I''d like to do is gradually migrate the hosts on the various DMZ networks away from private IP addresses and NAT over to public IP addresses and proxyarp. What I''m wondering, before I start this, is how do I

Would it be considered normal that a system behind a shorewall box that was setup for proxyarp and able to be reached from the trusted side of the net just fine on the proxyapr ip address would if it were to talk out to the world show as traffic not from the proxyarp address but the firewall''s own address or the masquerading ip used by other zones? We had not really noticed this as an

I have some hosts in a DMZ zone with proxyarp. In my local zone I have a host to which I DNAT. I have discovered that I can reach the host in the local zone by attempting to connect to the fw (As expected) or ANY proxyarped host in my dmz zone (as not expected). Is this normal ? (I''ve just discovered that actually the dnated host answers to requests sent to any IP routed to my host!)

Hello list, I am in the process of switching from IPCOP to Shorewall s the firewall for our small office. I very much like the fact that Shorewall runs on top of the same OS (openSuSE 11.4) that I run on the server and my desktop. Our setup is fairly straightforward. We have 8 static ip addresses from our ISP, which provides a cable modem and a Cisco 800 series router. The ip addresses are

Hi, im running shorewall 2.0.16 with centos 3 (iptables v1.2.8), everything is working fine for several days, i have configured a masq lan and all the outgoing traffic is ok, but now i want to redirect (port forward) the external web traffic to an internal machine, somethig like this INTERNET ---------> SHOREWALL -------------------> INTERNAL_MACHINE [public

Hello Tom and all, Quick question: Is it possible to operate an OpenVPN server from behind a firewall? Is it as simple as setting it up and placing: DNAT net loc:192.168.10.20 udp 5000 - ipaddress -- Paul Slinski -o) Network Administrator /\ Global IQX, Inc. _\_v Global IQX is the leader in integrated e-business automation solutions for the group life and health insurance

Hi- One last question for the week, I promise. I''ve got one IP ProxyArp''d according to the instructions at http://www.shorewall.net/ProxyARP.htm. I''ve setup the shorewall/proxyarp file as follows: #ADDRESS INTERFACE EXTERNAL HAVEROUTE PERSISTENT 208.4.145.73 br0 eth1 no yes #LAST LINE -- ADD YOUR ENTRIES

shorewall-users hi,ALL I have a firewall have three interface, one NIC is internal (eth0), second NIC is SSN(eth2), and other NIC is external(eth1), on internal network have 10.0.1.59 and gw 10.0.1.163 eth0: 192.168.1.254/24 eth1: 10.0.1.55/24 gw 10.0.1.163 I use shorewall''s proxyarp 10.0.1.59 eth1 eth0 no no that is OK. I saw /usr/share/shorewall/firewall, I

Hi, I was reading document http://shorewall.net/MultiISP.html#idp3634200. Inspired by the document I was trying to establish the following changes: * one additional interface: COMA_IF * COM[A,B,C]_IF interfaces request IP address via DHCP * all non-RFC 1918 destined trafic is NATed from INT_IF to COMA_IF * all non-RFC 1918 destined trafic from GW is routed via COMB_IF by default * non-RFC 1918