Displaying 20 results from an estimated 10000 matches similar to: "Confused about approach"
2004 Sep 10
1
Is ProxyARP or NAT entries really neccesary for DNAT to work?
I have been trying to get DNAT to work and I actually have succeeded
too, however, not how I thought it would work when reading through the
documentation.
1. No matter what I do I cannot get DNAT to work unless I have an entry
in eiter the nat or the proxyarp file. Is that really how it''s supposed
to be? I can''t find anything about it in the documentation.
2. Also, in the
2003 Feb 24
5
Bug in Shorewall check?
I made a boo boo in my config and put in this rule
#PPTP
DNAT net:213.67.241.162/217.209.46.204/32
loc:192.168.221.200 tcp 1723
DNAT net:213.67.241.162/32,217.209.46.204/32
loc:192.168.221.200 47 -
And the the following happened.. and I wonder why it didn''t complain? I
am sure I am just misunderstanding some doc
2003 Jan 14
3
Shorewall-1.3.13
Just some stuff that was laying around in CVS:
1. Added ''DNAT-'' target.
2. Print policies in ''check'' command.
3. Added CLEAR_TC option.
4. Added SHARED_DIR option.
[teastep@wookie Shorewall]$ cat releasenotes.txt
This is a minor release of Shorewall that has a couple of new features.
New features include:
1) A new ''DNAT-'' action has been
2011 Apr 15
1
Proxyarp vs DNAT
Hello list,
I am in the process of switching from IPCOP to Shorewall s the firewall
for our small office. I very much like the fact that Shorewall runs on
top of the same OS (openSuSE 11.4) that I run on the server and my desktop.
Our setup is fairly straightforward. We have 8 static ip addresses from
our ISP, which provides a cable modem and a Cisco 800 series router.
The ip addresses are
2004 Oct 09
2
odd problem with proxyarp and DNAT
I have some hosts in a DMZ zone with proxyarp. In my local zone I have a host to which I DNAT.
I have discovered that I can reach the host in the local zone by attempting to connect to the fw (As expected) or ANY proxyarped host in my dmz zone (as not expected). Is this normal ?
(I''ve just discovered that actually the dnated host answers to requests sent to any IP routed to my host!)
2004 Aug 22
6
LAN to DMZ zone issues.
Hello all,
Name is Andrew and in desperate need of some info.
Setup:
- Mandrake 9.1 with three interfaces
(eth0 --> WAN) C-class /28 network (with tree virtual addresses which I
am DNAT-ing to the DMZ)
(eth1 --> LAN) A-class 10.0.0.0/8
(eth2 --> DMZ) A-class subnet 10.1.123.0/24
- Running stock Shorewall ver: shorewall-1.3.14-3.1.91mdk
Dilemma:
- LAN can not access the DMZ zone
2009 Jun 10
6
Shorewall + IPsec Tunnel
Hi everyone!
First of all, sorry about my bad English and the e-mails extension.
I need some help to implement a VPN connection using shorewall and openswan
as IPSec Tunnel.
My network map:
CLIENT VPN APPLIANCE --> +++INTERNET+++ --> FIREWALL --> OPENSWAN SERVER
(DMZ)
I have two VPN connections with two different subnets to the other end. The
two of then are correctly established.
2006 Mar 02
4
Dual ISP routing and NAT problem
Hello newsgroup,
I hope somebody with more routing experience then me can help me with
the problem I have.
The setup is as described below. A dual internet provider routing,
multiple local area networks, and a dmz network with one public and one
private ip range.
I followed the instructions at lartc.org, and so far everything is working.
The default route is via
2004 Sep 29
4
Re: start error]
thanks again for your sharp eye and speedy response. i have corrected the typos in the IP in the masq file. I am sorry to have to ask for more help but my pc''s on the local network can''t reach the dmz webserver using the webserver''s local or Public IP address. I need to be able to do this in order to test the split DNS setup for the network. Using ethereal on the
2004 Nov 01
2
dmz setup
I am trying to add a machine into my dmz. It is the first machine I''ve
ever added to this dmz and fro some reason I cannot establish
communication between the dmz and the machine.
Here is an example of my setup:
ISP router --> firewall (eth0)
firewall (eth1) --> local network
firewall (eth2) --> DMZ
eth0 and eth2 have public IP addresses as does the machine I just added
to
2008 Oct 01
2
DNAT Issue
Hi.
Im setting up a web farm test lab. I have a number of machines in the
test last on a dmz zone on network 10.20.30.0.
The test lab firewall has two NICS. One (eth0) has two ip addresses,
eth0 10.161.101.40 and eth0:0 10.161.10.49. The other one, eth1 is
on a private network, 10.20.30.0.
I want to use DNAT to allow test engineers to ssh into the machines in
the web farm. I have
2007 Sep 25
1
DNAT PREROUTING issue with iptables
Hi,
I have an DNAT ISSUE with PREROUTING.
This is my setup.
I have 2 firewalls running iptables.
Pls asume 1.2.3.4/29 is the internet interace of FIRST firewall.
2.3.4.5/29 is the internet interface of SECOND firewall. it has DMZ zone. in
that DMZ zone, mail server runnig @ 192.168.100.3
Now I want to DNAT port 25 of FISRT firewall (i.e - its ip address -
1.2.3.4/29) to the internet ip
2006 Mar 13
1
Dynamic Zones and IPSET (with a DNAT for good measure!)
Hello all,
I have been putting together a shorewall firewall together for a couple
of days, but have hit a bit of a dead end.
I am using Shorewall 3.0.5
Shorewall has detected the following iptables/netfilter capabilities:
NAT: Available
Packet Mangling: Available
Multi-port Match: Available
Extended Multi-port Match: Available
Connection Tracking Match: Available
Packet Type
2004 Nov 22
10
routed vs non routed
In an effert move my Dmz from a snapqear roouter to Linux with shorewall.
Question is I have network 64.42.53.200/29
which makes default gw 64.42.53.201 network 64.42.53.200 broadcast
64.42.53.207
mask 255.255.255.248 and I want to set up shorewall with eth0 64.42.53.202
eth1 local eth2 dmz where dmz will use say 64.42.53.203 for web and email
server.
Where I do not need or should I say use
2003 Oct 21
2
problems
In the last 15 minutes I have had a major firewall running Shorewall display
some problems. This machine has been working fine for the better part of a
year, no changes made in the last week. This machine has three zones. There
is a DNAT running from the net zone and the loc zone to a webserver in the
dmz port 80 only. The DNAT from the loc zone seems to not be working
correctly. If I make a web
2004 Nov 15
3
source policy routing going to wrong path
Hi,
Below is my Linux firewall network configuration: -
eth0 - isp 1, IP: 1.1.1.10, Netmask: 255.255.255.252
eth1 - isp 2, IP: 2.2.2.10, Netmask: 255.255.255.252
eth2 - lan, IP: 172.16.0.254, Netmask: 255.255.255.0
eth3 - dmz, 192.168.0.254, Netmask: 255.255.255.0
isp 1 gateway: 1.1.1.9
isp 2 gateway: 2.2.2.9
Below is my iptables rules: -
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables
2005 Jan 11
2
dnat problem
Hi,
I have a proxy/firewall,
I want to dnat requests for 193.205.140.106 on port 443 towards
10.2.15.23 and requests for 193.205.140.106 on ports 4330 and 3389
towards 10.2.15.25, these rules must apply from internet, loc and fw
(some client use a proxy on fw to reach these servers)
I have tried with the following rules:
DNAT net dmz:10.2.15.23 tcp 443 -
2005 Apr 27
1
Problems with DNAT
Hi, i''m a shorewall users and i have the following problem:
I have one class C range of IP''s and i have three zones (net, dmz , loc)
I need create one rule to dnat one valid ip address (but not in use in
one computer) to one invalid host in my loc zone.
How i do?
I try this:
DNAT net:200.200.200.200 dmz:200.193.137.38 tcp
137,138,139,445 -
2003 Jan 30
4
ACCEPT vs DNAT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi all,
Can someone refresh my memory on the difference between the following
(where dmz contains an RFC 1918 address host)?
ACCEPT net dmz tcp 80 - all
DNAT net dmz tcp 80
I''m trying to generate a script for maintaining multiple interconnected
firewalls from shared policy, rules, and zone files, and i
2005 Apr 03
6
v1.2/DNAT
Some probably wish v1.2.12-2 out of Debian Woody would just go away, but it''s
what I''m using and really don''t wish to upgrade at this time (but will
eventually). My needs are rather simple and I''m sure it can handle the job.
I''ve read and re-read the FAQs and searched extensively for docs on what my
problem might be, but just cannot put my finger