similar to: Re: Can this be done?

Hi folks, I know this isn''t a shorewall question, but i''m hoping someone can point me to the right place to look for answers on this (since, as Tom suggests, search engines are useless for some things): Here is my firewall setup: ADSL1 ADSL2 dialup \ | / firewall | DMZ It''s a fairly simple setup. ADSL1 has a static IP, ADSL2 is

Hi folks, I''ve noticed in recent times on the list that we seem to be getting a low signal-to-noise ratio with a lot of posts (particularly those where people include their configuration). Once you have posted the appropriate information once, there is no need to keep quoting it unless it is central to the discussion. Trimming irrelevant material makes it easy for people who have been

Hi folks, A while back we had some discussions about integrating heartbeat and shorewall. Thanks to your help and the excellent state of Linux failover clustering, i''ve managed to install my high-availability firewall. I know there''s already a howto for it at http://www.xenos.net/library/hafirewall.html, but i thought i would document my setup for others, since it''s

Hi folks, Has anyone out there done port forwarding or DNAT for UDP packets that are normally sent to the broadcast address (255.255.255.255)? I have to support a nasty database application called FileMaker Pro (those of you who know it are probably groaning about now), which uses broadcasts to locate the database server. Theoretically, i can get around this requirement by using LDAP lookups

So, now I see why I was doing the fw 2 fw rule. It was for my YP/NIS usage. Does anyone know how I get that to work?

Hi folks, Last night and this morning i''ve hacked up a quick web site for coordinating our development work based on Drupal (http://drupal.org). You can find it at: http://shorewall.dyndns.org I''ve put a few ideas in there - feel free to use the comments or sign up for an account and create your own pages (particularly in the two books about development and web site work).

ive got a config thats client -> server ->Dansguardian->Squid -> onward adn I want to transparently redirect web traffic to DG/Squid Not sure where the problem lies - hoping you guys can help me and at least tell me that its NOT my shorewall config heres the configs When I point a browser straight at 3128 or 3129 I get web pages back and the appropriate stuff in the logs . I get a

Hi All, I tried installing SquidGuard in a CentOS 4.5 server wit Squid as proxy from RPMForge but uninstalled it since I am having it fails to configure it correctly so I replace it using DansGuardian. But after configuring it and restarting the squid including start of dansguardian service, I observe that there was no effect on our client user. Our user are required have proxy settings on

Hello Everyone! I am using shorewall-3.0.5 on suse linux. Recently we have implemented dansguardian running on 8080 and squid on port 3128. Previously (before dans guardian) masquerading was working fine but after the implementation of dansguardian masquerading is not working. My rules file has entry Previous entry was ACCEPT loc:192.192.192.3 net REDIRECT loc 8080 tcp

Hi all, I''ve just built Mandrake 10.1 on a Compaq Deskpro that I''ve built as a router/firewall and am redirecting port 80 outbound to force users through the Content Filter. I''ve run this setup on Mandrake 9.0 and 10.0 without any problems but this time the following happens. Squid is accessed through port 3128 and Dansguardian via 8080. If I set my browser on a

Hi all, I''m trying to set up a transparent proxy with dansguardian, and running into some strange issues with the squid setup without dansguardian. I have used shorewall for quite some time, and I''m stumped as to why I can''t get this to work. Here is a brief synopsis of my network. loc --> gateway/firewall--> net I have the following policies: #firewall to

Hi folks, I''m conducting a straw poll for your opinions on whether we should send CVS commit logs (probably with diffs) to the shorewall-devel list, or to another (new) list? I can see advantages to both ways: separate lists mean that people who aren''t contributing code don''t get flooded with code noise, but a single list will help keep everyone involved in the

FreeBSD Architect required to lead team at a well known ISP. Strong Linux/Solaris skills are required and some Windows experience would be beneficial. Some Perl/C development experience a must. You will be building complex infrastructures, processes and procedures. Degree educated and with 4+ years as an SA for a similar company you will looking for new challenges in a hands on role. Location:

Is there an option for running SUR and 2SLS regressions with weighting (I am analysing mortality in towns, hence want to weight by population size) Many thanks Jon Anson -- Yonathan (Jon) Anson Department of Social Work Ben Gurion University of the Negev 84105 Be'er Sheva, Israel. Tel: +972 8 647 93 14(w) +972 8 6489286 (h) 067 233279 (m) Fax: +972 8 647 29 33

Since you''ve started signing your email, Tom, my machine can''t verify your sig. Where are you publishing your key? -- John Andersen - NORCOM http://www.norcomsoftware.com/

I''m going to start being rude with people if I don''t take a break from the list for a while. I''ll be back in a couple of days after I cool off..... --Tom -- Tom Eastep \ Off-list replies are cheerfully ignored Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

hello I''m using the 2.6 series 5 vservers on eth1 running on debian unstable and I wanted two of them to be used as "proxies". One of the proxies has 3 interfaces (well 4 if you count the ath0 interface whose traffic I''d like to pass through the "vproxy"); one facing the hosts''/out interface, one facing the "dmz" where two vservers

Anyone else seeing this?? Thanks, -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

Hello, My server is on Mandrake 10.1 off. eth0 is WAN with static IP connected 512 DSL eth1 is LAN. My default shorewall settings are : Source zone Destination zone Policy Syslog level Traffic limit loc net ACCEPT None None fw net ACCEPT None None net Any DROP info None Any Any REJECT info None I have done NAT on eth0 and I am running squid proxy on the server. I am not able send or

Been trying to track down an issue where when I issue a restart on shorewall it stalls for maybe 5 minutes. I have tracked it down to the removing of the rules portion but have not been able to get any closer yet. Some place after "strip_file rules" and echo "Deleting user chains..." It seems to fix itself after a reboot of the system for an unknown time then it resurfaces