similar to: DNAT or SNAT or both?

Hi! First of all, let me say a big "thank you" to Tom for creating shorewall. I''ve been using it for a few months now and it''s such a relief to not have to resort to OpenBSD''s pf (which is so much more sane than Linux'' iptables madness) for the most basic firewalling tasks. I have a question that I didn''t seem to be able to find in the FAQ.

Hi. I''m migrating to shorewall(6) mgmt of my various firewalls. Simple configs have been easy with the great docs. I''ve got a slightly more convoluted config, and have gotten ''lost'' in config''ing a SNAT/DNAT/NAT + DMZ + Xen Host/Guest set up with Static IP/29. Having some challenges wrapping my head around the ''best'' Shorewall

Hello all, I have shorewall setup with 3 SNAT entries for external IP address''s to a single IP internal address. I am wondering how to limit access based on the source IP address. ex. EXT IP 1 access only to port 25 EXT IP 2 access only to port 443 EXT IP 3 access only to port 80 I have the SNAT setup correctly and I have 3 accept line in the rules file (25,80,443) but I can hit

Hello Shorewall gurus, I have a dilemma with a public server. I want to migrate the current public server over to a new machine behind the current server''s firewall (shorewall 1.4). I have included a diagram below to help explain the target network I am working toward. I have read the shorewall online documentation and though I have used Shorewall the past 4 years in the current

Hello all I wanted to forward all incoming requests in port 80 to a server in my LAN, and by using DNAT lines, it actually works. However, it is unstable, in the sense that in the beggining of each connection (one or two seconds) it is extremely fast, then it sometimes pauses and waits 30 seconds or so, then it starts again and so on. The line i used is : DNAT net loc:192.168.0.210 tcp 80 DNAT

----- Original Message ----- From: "Jerry Vonau" <jvonau@shaw.ca> To: "Mailing List for Shorewall Users" <shorewall-users@lists.shorewall.net> Sent: Thursday, August 19, 2004 08:06 Subject: Re: [Shorewall-users] Two Links and DNAT > > > > Btw, by "shorewall show nat" I just noticed that I was doing snat only > > for packets comming

Hi, I got a server which is web, mail, firewall, squid and bind dns server. The server is behind a router. The domain internal is the same as on the internet. I created a split dns so: www and webmail are pointed to the external ipadress of my router. The server internal ipadress is 10.0.0.1 and external ipadress is 192.168.0.80 The webserver is listening on 10.0.0.1 I created two

# shorewall version 3.2.1 SNAT is enabled. Setting up DNAT to do port forwarding -- this example looked exactly like what I wanted: (FAQ 1c) From the internet, I want to connect to port 1022 on my firewall and have the firewall forward the connection to port 22 on local system 192.168.1.3. How do I do that? In /etc/shorewall/rules: #ACTION SOURCE DEST PROTO DEST PORT

Hi ! I have setup a complete shorewall now with DMZ, and Private zones and masq, rules, port-forwarding etc. worx like expected. BUT I have a wish to use a couple of more public IP''s and relate those to inernal servers on the DMZ zone and i am now so confused about it. I have searched this archive for SNAT port allow Setup: 3 public adresses on the WAN nic. lets call them 80.80.80.80 -

I''ve installed a bering box acting as a firewall for a lan; the lan is 192.168.1.0/24 the bering box is 192.168.1.254 I''ve installed a squid server 192.168.1.1 It is possible to configure shorewall for a transparent proxy to the squid server? I''ve tryed with REDIRECT loc loc:192.168.1.1:3128 tcp www - !192.168.1.1 in the rules file I get this error: Error:

Hi list, This is my first post there. CONTEXT : -------------- I have a little lan behind a shorewalled box (internet) -- NET_IP [gateway] LOC-IP -- (lan X.Y.0.0) internet -> net zone connected to the gateway via a ppp interface lan -> loc zone connected to the gateway via eth1 NET_IP and LOC_IP are defined in shorewall params file GOAL : --------- i want to forward http and

Hello list, I am in the process of switching from IPCOP to Shorewall s the firewall for our small office. I very much like the fact that Shorewall runs on top of the same OS (openSuSE 11.4) that I run on the server and my desktop. Our setup is fairly straightforward. We have 8 static ip addresses from our ISP, which provides a cable modem and a Cisco 800 series router. The ip addresses are

Hi all, I have a group of public IPs 80.x.x.209-80.x.x.215. My satellite broadband router has .209 and my Fedora Core 2 running Shorewall firewall has one network card with IP .210 and the other with 172.16.0.1/255.255.0.0. All network PCs have a 172.16.x.x private address. I am new to shorewall and fedora/linux. I would like requests to public IP 80.x.x.211 to be redirected to internal IP

Sorry for the long descritpion of the problem, I''d like to know If I misunderstand something or if I meet an intrinsic limit of my setup. 217.58.51.162 HDSL eth1 - SRV_XP: 192.168.254.10 eth0: 192.168.254.1 -----+------------------+------- 81.121.243.250 ADSL eth3 - I want to allow incoming pptp request (port 1723) to be forwarded to srv_xp

Hello all, I have a problem with external access to a postfix mailserver running on my firewall as a mail-gateway. My setup with shorewall 2.2.0 rc4 is as follows: eth0 is zone isf - this is an intranet to other companies eth1 is zone loc - local network eth2 is zone net - internet, fix ip adress eth0 and eth1 are bridged shorewall version 2.2.0-RC4 ip addr show 1: lo: <LOOPBACK,UP> mtu

The bridging documentation (http://shorewall.net/2.0/bridge.html) has been expanded and there is a refresh of the bridging code (ftp://shorewall.net/pub/shorewall/Bridging and http://shorewall.net/pub/shorewall/Bridging). -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello all, im using shorewall 2.2.1 on a CentOS 4, im newbie with shorewall, just testing it i created a dnat rule like this #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ # PORT PORT(S) DEST LIMIT

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I mean http://users.gurulink.com/drk/transproxy/TransparentProxy.html on "6. Transparent Proxy to a Remote Box." Thanks - -------- Original Message -------- Subject: Squid on remote Box Date: Wed, 16 Mar 2005 17:16:35 +0700 From: Royke K <royke4k@cbn.net.id> To: shorewall-users@lists.shorewall.net How do I configure port

Hi list, I have the following problem: my boss and some other people on my lan want to use their ISP smtp to send mail when they connect from work lan, but, of course, their ISP smtp don''t allow relay when they aren''t at home. You can image my networks so: eth0 internet public ip eth1 local1 10.88.11.0/24 eth2 local2

I am having problems making RTSP connections to a Windows Streaming Media Server (ie "connecting to media...." but WMP never connects). There are no error messages in /var/log/messages. It was suggested to me that SNAT might perform better than MASQ in this respect. I edited my shorewall/masq file as such: eth0 eth1 12.34.56.78 or should it be? eth0 10.0.0.0/24