similar to: Confused about approach

I have been trying to get DNAT to work and I actually have succeeded too, however, not how I thought it would work when reading through the documentation. 1. No matter what I do I cannot get DNAT to work unless I have an entry in eiter the nat or the proxyarp file. Is that really how it''s supposed to be? I can''t find anything about it in the documentation. 2. Also, in the

I made a boo boo in my config and put in this rule #PPTP DNAT net:213.67.241.162/217.209.46.204/32 loc:192.168.221.200 tcp 1723 DNAT net:213.67.241.162/32,217.209.46.204/32 loc:192.168.221.200 47 - And the the following happened.. and I wonder why it didn''t complain? I am sure I am just misunderstanding some doc

Just some stuff that was laying around in CVS: 1. Added ''DNAT-'' target. 2. Print policies in ''check'' command. 3. Added CLEAR_TC option. 4. Added SHARED_DIR option. [teastep@wookie Shorewall]$ cat releasenotes.txt This is a minor release of Shorewall that has a couple of new features. New features include: 1) A new ''DNAT-'' action has been

Hello list, I am in the process of switching from IPCOP to Shorewall s the firewall for our small office. I very much like the fact that Shorewall runs on top of the same OS (openSuSE 11.4) that I run on the server and my desktop. Our setup is fairly straightforward. We have 8 static ip addresses from our ISP, which provides a cable modem and a Cisco 800 series router. The ip addresses are

I have some hosts in a DMZ zone with proxyarp. In my local zone I have a host to which I DNAT. I have discovered that I can reach the host in the local zone by attempting to connect to the fw (As expected) or ANY proxyarped host in my dmz zone (as not expected). Is this normal ? (I''ve just discovered that actually the dnated host answers to requests sent to any IP routed to my host!)

Hello all, Name is Andrew and in desperate need of some info. Setup: - Mandrake 9.1 with three interfaces (eth0 --> WAN) C-class /28 network (with tree virtual addresses which I am DNAT-ing to the DMZ) (eth1 --> LAN) A-class 10.0.0.0/8 (eth2 --> DMZ) A-class subnet 10.1.123.0/24 - Running stock Shorewall ver: shorewall-1.3.14-3.1.91mdk Dilemma: - LAN can not access the DMZ zone

Hi everyone! First of all, sorry about my bad English and the e-mails extension. I need some help to implement a VPN connection using shorewall and openswan as IPSec Tunnel. My network map: CLIENT VPN APPLIANCE --> +++INTERNET+++ --> FIREWALL --> OPENSWAN SERVER (DMZ) I have two VPN connections with two different subnets to the other end. The two of then are correctly established.

Hello newsgroup, I hope somebody with more routing experience then me can help me with the problem I have. The setup is as described below. A dual internet provider routing, multiple local area networks, and a dmz network with one public and one private ip range. I followed the instructions at lartc.org, and so far everything is working. The default route is via

thanks again for your sharp eye and speedy response. i have corrected the typos in the IP in the masq file. I am sorry to have to ask for more help but my pc''s on the local network can''t reach the dmz webserver using the webserver''s local or Public IP address. I need to be able to do this in order to test the split DNS setup for the network. Using ethereal on the

I am trying to add a machine into my dmz. It is the first machine I''ve ever added to this dmz and fro some reason I cannot establish communication between the dmz and the machine. Here is an example of my setup: ISP router --> firewall (eth0) firewall (eth1) --> local network firewall (eth2) --> DMZ eth0 and eth2 have public IP addresses as does the machine I just added to

Hi. Im setting up a web farm test lab. I have a number of machines in the test last on a dmz zone on network 10.20.30.0. The test lab firewall has two NICS. One (eth0) has two ip addresses, eth0 10.161.101.40 and eth0:0 10.161.10.49. The other one, eth1 is on a private network, 10.20.30.0. I want to use DNAT to allow test engineers to ssh into the machines in the web farm. I have

Hi, I have an DNAT ISSUE with PREROUTING. This is my setup. I have 2 firewalls running iptables. Pls asume 1.2.3.4/29 is the internet interace of FIRST firewall. 2.3.4.5/29 is the internet interface of SECOND firewall. it has DMZ zone. in that DMZ zone, mail server runnig @ 192.168.100.3 Now I want to DNAT port 25 of FISRT firewall (i.e - its ip address - 1.2.3.4/29) to the internet ip

Hello all, I have been putting together a shorewall firewall together for a couple of days, but have hit a bit of a dead end. I am using Shorewall 3.0.5 Shorewall has detected the following iptables/netfilter capabilities: NAT: Available Packet Mangling: Available Multi-port Match: Available Extended Multi-port Match: Available Connection Tracking Match: Available Packet Type

In an effert move my Dmz from a snapqear roouter to Linux with shorewall. Question is I have network 64.42.53.200/29 which makes default gw 64.42.53.201 network 64.42.53.200 broadcast 64.42.53.207 mask 255.255.255.248 and I want to set up shorewall with eth0 64.42.53.202 eth1 local eth2 dmz where dmz will use say 64.42.53.203 for web and email server. Where I do not need or should I say use

In the last 15 minutes I have had a major firewall running Shorewall display some problems. This machine has been working fine for the better part of a year, no changes made in the last week. This machine has three zones. There is a DNAT running from the net zone and the loc zone to a webserver in the dmz port 80 only. The DNAT from the loc zone seems to not be working correctly. If I make a web

Hi, Below is my Linux firewall network configuration: - eth0 - isp 1, IP: 1.1.1.10, Netmask: 255.255.255.252 eth1 - isp 2, IP: 2.2.2.10, Netmask: 255.255.255.252 eth2 - lan, IP: 172.16.0.254, Netmask: 255.255.255.0 eth3 - dmz, 192.168.0.254, Netmask: 255.255.255.0 isp 1 gateway: 1.1.1.9 isp 2 gateway: 2.2.2.9 Below is my iptables rules: - echo 1 > /proc/sys/net/ipv4/ip_forward iptables

Hi, I have a proxy/firewall, I want to dnat requests for 193.205.140.106 on port 443 towards 10.2.15.23 and requests for 193.205.140.106 on ports 4330 and 3389 towards 10.2.15.25, these rules must apply from internet, loc and fw (some client use a proxy on fw to reach these servers) I have tried with the following rules: DNAT net dmz:10.2.15.23 tcp 443 -

Hi, i''m a shorewall users and i have the following problem: I have one class C range of IP''s and i have three zones (net, dmz , loc) I need create one rule to dnat one valid ip address (but not in use in one computer) to one invalid host in my loc zone. How i do? I try this: DNAT net:200.200.200.200 dmz:200.193.137.38 tcp 137,138,139,445 -

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi all, Can someone refresh my memory on the difference between the following (where dmz contains an RFC 1918 address host)? ACCEPT net dmz tcp 80 - all DNAT net dmz tcp 80 I''m trying to generate a script for maintaining multiple interconnected firewalls from shared policy, rules, and zone files, and i

Some probably wish v1.2.12-2 out of Debian Woody would just go away, but it''s what I''m using and really don''t wish to upgrade at this time (but will eventually). My needs are rather simple and I''m sure it can handle the job. I''ve read and re-read the FAQs and searched extensively for docs on what my problem might be, but just cannot put my finger