similar to: Fwd: Two servers HTTP on DMZ

Hi Guys, Thi sis my first post, sorry for my english, I''m Italian. I desperate try configure home server/router connected over ADSL with dynamic IP. I''ve registered to no-ip and in order to connect externaly to my home server. My system is gentoo based. I''ve just installed different pubblic servers with static IP and shorewall and had no problems, but my own home

Hi all, I am running Xen 3.0.2-2 (taken from XenSource) with Linux kernel 2.6.16 (taken from Debian Sid), I compiled Xen and 2 kernels (dom0 and domU). Here is the ascii-art of my setup: ------------ ------------- | LAN |------------------------| waste | 192.168.0.94/24 ------------ ------------- | ·····························

I am not quite sure if this issue relates to iptables, routing or Xen virtual machines. Too many variables for my simple mind, so I'm asking some advice :) This is my network setup: Internet --- eth2 + CentOS dom0 / firewall / router + eth1 (xenbr1) --- LAN with private IPs --- separate file server and workstations + eth0 (xenbr0)

I have a three interface network (net,loc,dmz). The internet interface (eth0) has a static IP. Windows machine in the local network (eth1) use DHCP to get IPs from the 192.168.10.0/24 netblock. The Debian machine in the DMZ (eth2) gets a fixed IP through DHCP in the 192.168.11.0/24 netblock. The DHCP server is running on the firewall machine (not ideal, I know, but that''s the way

I am trying to add a machine into my dmz. It is the first machine I''ve ever added to this dmz and fro some reason I cannot establish communication between the dmz and the machine. Here is an example of my setup: ISP router --> firewall (eth0) firewall (eth1) --> local network firewall (eth2) --> DMZ eth0 and eth2 have public IP addresses as does the machine I just added to

Two quick questions to the group: Anyone seen this before: Jan 14 02:55:45 gw1 kernel: Shorewall:all2all:REJECT:IN=eth1 OUT=eth0 SRC=66.58.99.83 DST=170.224.8.51 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=38676 DF PROTO=TCP SPT=1735 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 I mean my web server is trying to replay to some external host 170.224.8.51 (p.moreover.com) for some reason. What could be? It

Hi, in a three interface firewall I have eth0, loc, 10.1.5.1/16 eth1, int, 200.41.61.228/29 eth2, dmz, 192.168.1.1/24 (un)fortunately I got a group of public ip?s to use, so here is my problem in the dmz I have 192.168.1.3 redirected from eth1 alias 200.41.61.226 (a web server, works perfect). I am trying to set up a mail server also, a different machine, so I can?t use proxyarp, as with this,

That log message looks like someone (or some program) is trying to browse to moreover.com from your web server machine--it''s not a reply to an external request. You''d see messages like that if you were running some sort of HTTP proxy server (like Squid) on that box (although they''d likely be to multiple IPs, unless your users only browsed to p.moreover.com). It could

How would I use Big Brother with Shorewall and my loc and dmz zones to monitor hosts in both zones? If Big Brother''s server is on my LAN (loc) is it "safe" to forward the bb port from the dmz to the LAN? What would the security risks of this be? Common sense says that it may not be a good idea to forward stuff from the dmz to the LAN, but I''m inexperienced and unsure

hello there, im running a 3interface inet, dmz, loc. i have some public ip addresses. one public address is the router of the provider, the second one is the linux box running shorewall. all other public interfaces are on the dmz nic with proxy-arp. now whenever i do a traceroute (the dmz boxes are windows, icmp traceroute) the very first hop gets timeout/stars, then the router of the provider

There is such a wealth of knowledge and personal experience on this list that I'd like to get your opinions on our current situation. Currently, we have a simple tri-homed firewall with the internal network on one interface, the dmz on another, and the dirty internet on the last. Also, there is a spare interface on the box which is unused. We use CentOS and manually maintain our rule sets

Hi everyone, Sorry for asking OT here, but I need your expertise :-) I am running a standard 3 I/F net, dmz, loc Shorewall 1.4.7 on a RH 9 server In the DMZ I have a web shop running with DNAT from the external address to the DMZ - this all works I want to add a develop server in the DMZ with external access so I set this up as per the live server and from internal network it works, but from

Hello !! I ve just install shorewall-common and shorewall-shell I can''t defined a network using the CIDR format for my DMZ in /etc/shorewall/hosts fast eth2:172.17.0.0/16 epac eth2:172.18.0.0/16 fsa eth2:172.19.0.0/16 bu eth2:172.20.0.0/16 recto eth2:172.21.0.0/16 dmz eth1:81.91.225.224/27 I receive this error: ERROR: Invalid zone definition for

Hi everyone, I have a question regarding the default gateway for hosts on DMZ zone. I moved servers from parallel to the DMZ (outside the firewall, directly connected to I-net) to inside DMZ. The default gw for these servers was the DSL router(bridge) of my ISP. What should be the default gw (for the hosts inside the DMZ), when hosts are inside the DMZ now - still the DSL router (external

Hello, Summary: a Linux server joined to domain GODMZ (which trusts another domain GOCORP), without network access to GOCORP domain controllers can authenticate but not retrieve user information (id) even though wbinfo -n can resolve a name to SID. Long: We have two domains, both at server 2003 functional level. GOCORP contains users and intranet servers. GODMZ contains servers in the DMZ (web

My sincere apologies to all on this list. After looking for returning packets with tcpdump and not finding ANY I called our provider to confirm our IP assignment. The IP range that I was given by my boss was incorrect. After adjusting the ip assignments, everything is working perfectly. Thank you all for your time in troubleshooting this, and I hope to be able to return the favor at some

Hello all, Name is Andrew and in desperate need of some info. Setup: - Mandrake 9.1 with three interfaces (eth0 --> WAN) C-class /28 network (with tree virtual addresses which I am DNAT-ing to the DMZ) (eth1 --> LAN) A-class 10.0.0.0/8 (eth2 --> DMZ) A-class subnet 10.1.123.0/24 - Running stock Shorewall ver: shorewall-1.3.14-3.1.91mdk Dilemma: - LAN can not access the DMZ zone

Hi, I have this case: My Shorewall is a internet gateway: (fw) eth0 -> 200.209.100.0/30 (loc) eth1 -> 192.168.0.0/24 (dmz) eth2 -> 200.209.100.8/30 In the DMZ, I have another linux, with a web server too. eth0 -> 200.209.100.10/30 - running Apache at port 1700 eth1 -> 192.168.0.0/24 My problem is: I need to make a NAT, from my local

I am running a LEAF Bering firewall with a DMZ at one of my client''s sites. The client has a Windows IIS server set up in the DMZ. The DMZ rules block all outgoing connections on all ports. The client wants to be able to run Windows Update on the server, which uses ports 80 and 443. However, opening all port 80 and 443 connections from the server to the net zone is not an option,