Displaying 20 results from an estimated 20000 matches similar to: "shorewall 1.2.12"
2003 Jan 13
4
DMZ hosts gateway
Hi everyone,
I have a question regarding the default gateway for hosts on DMZ zone. I moved servers from parallel to the DMZ (outside the firewall, directly connected to I-net) to inside DMZ. The default gw for these servers was the DSL router(bridge) of my ISP.
What should be the default gw (for the hosts inside the DMZ), when hosts are inside the DMZ now - still the DSL router (external
2005 Jan 23
15
Idea: permit /etc/shorewall/masq to contain zones, as well as interfaces
Dear All,
Firstly, thank you very much - shorewall is great. I''m not a member of
this list, and please forgive me if I am suggesting something stupid, but
the following occurs to me, and I thought it might be useful.
Why no make it possible to specify zones as well as interfaces in the
/etc/shorewall/masq file ?
Eg: instead of:
eth0 eth1
one might write:
net loc (or masq in
2008 May 23
5
Shorewall is eating my Asterisk egress traffic
I have four-interface Shorewall config set up. The "dmz" interface is
bridged with "net" so I can assign public IP''s to the servers in the DMZ. I
opted to do this rather than SNAT or ARP proxying because one of the servers
runs Asterisk and SIP and NAT don''t always work well together. Somehow, my
firewall config is causing a one-way audio problem in
2011 Aug 23
8
problems configuring shorewall in proxmox pve (debian5)
hello
before asking my question I come
My name is Santiago and I''m from Spain but I''m in Colombia
I followed this guide:
https://www.doas.montanalinux.org/proxmox-ve-with-shorewall.html
but when I run shorewall check, this error occurs:
Checking...
Initializing...
Determining Zones...
IPv4 Zones: net loc
Firewall Zone: fw
Validating interfaces file...
ERROR: Invalid
2004 Aug 10
2
IP of FW showing instead of server''s IP
Hi,
I have a 3 interface FW like this:
http://shorewall.greshko.com/GSLUG_files/slide0008_image004.png
where I use PROXYARP to give the servers in DMZ an IP from our public IP
range.
A bit like this:
http://shorewall.greshko.com/GSLUG_files/slide0042_image026.png
proxyarp:
xxx.23.52.145 eth1 eth0 - yes
xxx.23.52.146 eth1 eth0 - yes
xxx.23.52.147 eth1 eth0 - yes
xxx.23.52.148 eth1 eth0 - yes
2003 Jan 05
2
Shorewall DMZ - Proxy ARP or Static NAT
Hi All,
>From the documentation I have read on Shorewall, the preferred approach
seems to be, to use Proxy ARP instead of Static NAT for hosting web servers
in the DMZ Zone. But I have also read that this could cause problems for VPN
configurations.
I essentially have multiple public IP''s, which I want to map to private
addresses in the DMZ. I also intend to setup a gateway between 2
2005 May 21
10
pb with iptables snat script
hi list,
oh it''s not really a problem.
Each time i fire shorewall, i run a custom iptables script:
(for the openvpn machines to have route back from my bridge/fw -
$SOURCEIP is the ip of my OpenVPN/Fw/bridge)
iptables -A POSTROUTING -t nat -s 10.8.0.0/16 -j SNAT --to-source
$SOURCEIP
i wish to better integrate it within shorewall, so is there any config
files that could achieve the
2005 Apr 07
4
MSSql Connections cannot be established
Hi All,
I''m using shorewall on my laptop(2 NIC) to connect my desktop to the
Internal LAN.
For some reason, MS''s SQL query analyser is not able to connect to the
SQL server. I alway get the "Server does not exist"
I even tried to connect to it using IP address rather than netbios name
and it still doesn''t work. All of the access is fine. (eg: WEB/ping etc)
2005 Nov 21
2
shorewall status
Hi
I wonder if you can help... I have setup shorewall(2.2.3) under debian on a
machine that has 4 network ports... the idea is that there is 1 WAN port, 1
DMZ port, and 2 LAN ports, 1 LAN port has static NAT setup for selected
incoming connection from trusted sources, and the second LAN port I am
trying to setup using masq NAT as it only requires outgoing connections, no
incoming.
the static NAT
2003 Feb 04
1
Totally SNAT confused :)
Hi !
I have setup a complete shorewall now with DMZ, and Private zones and
masq, rules, port-forwarding etc. worx like expected.
BUT
I have a wish to use a couple of more public IP''s and relate those to
inernal servers on the DMZ zone and i am now so confused about it. I have
searched this archive for SNAT port allow
Setup:
3 public adresses on the WAN nic. lets call them 80.80.80.80 -
2005 Feb 02
6
Need help with Shorewall
I am using debian sarge. I want to block all incoming requests except
DNS (port 53) and allow all outgoing traffic. I did a apt-get
shorewall. When I start shorewall, I cannot even ping to any external
site. I am a newbie and difficult to follow the online guide. Can
anyone please help me.
Thanks !
2002 May 17
19
Shorewall 1.3 Beta 1
The 3.1 Beta is now available -- check the Shorewall home page.
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net
2003 Jun 20
7
NAT PAT & SNAT
Hi!
I''ve been searching the net for information about this topic, but I can''t
find anything relevant to my problem or I don''t understand the answer
completely. Please enlighten me... :-)
I''m trying to replace a Cisco PIX firewall with a Linux Shorewall box. Today
the users behind the Cisco FW is on a NAT-network and in the same network
there are a couple of
2003 Mar 11
2
Shorewall 1.4.0 RC3
I anticipate that this will be the last RC unless problems are discovered.
Changes since RC2 include:
* The default route is now ignored when Shorewall is detecting masqueraded
networks. A warning message is issued if the default route goes through the
source interface (normally, the destination interface is the firewall''s
external interface and therefore, the default route would go
2004 Feb 11
2
shorewall-docs-html-1.4.10a bugreport
shorewall-docs-html-1.4.10a is missing following files:
Banner.htm
Shorewall_index_frame.htm
seattle_firewall_index.htm
Or there should be different index.htm in tar. There might be other
missing files but that''s what I found out immidiately when I tried to
check local docs.
--
Tuomo Soini <tis@foobar.fi>
Linux and network services
+358 40 5240030
Foobar Oy
2004 Nov 01
2
dmz setup
I am trying to add a machine into my dmz. It is the first machine I''ve
ever added to this dmz and fro some reason I cannot establish
communication between the dmz and the machine.
Here is an example of my setup:
ISP router --> firewall (eth0)
firewall (eth1) --> local network
firewall (eth2) --> DMZ
eth0 and eth2 have public IP addresses as does the machine I just added
to
2005 Apr 12
8
SMTP / DMZ
Hi Guys,
I have been trying to configure shorewall
1) Internet Access to internal users
2) Have a DMZ that will house atleast 6 mail / web / ftp servers that
will server our existing group companies outside our physical location.
3) Setup openvpn between our location and our group companies .
What i have done so far is :
- Created the 3 zones with the IP ranges as below.
DMZ:172.16.10.x
2011 Apr 15
1
Proxyarp vs DNAT
Hello list,
I am in the process of switching from IPCOP to Shorewall s the firewall
for our small office. I very much like the fact that Shorewall runs on
top of the same OS (openSuSE 11.4) that I run on the server and my desktop.
Our setup is fairly straightforward. We have 8 static ip addresses from
our ISP, which provides a cable modem and a Cisco 800 series router.
The ip addresses are
2004 Sep 15
15
re: start error
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The original post was over 300,000kb so I didn''t spam the list with it -TE.
|
|
| Thank you for your quick and helpful response.
|
| I didn''t understand that the virtual interface eth0:1 doesn''t count as
a separate instance from eth0.
| I am sorry to ask for further assistance and would appreciate any
help. The error
2005 Apr 04
12
Shorewall site down ?
Is the Shorewall.net down ? Regardless of page I get a "connection
refused"
- Bill