similar to: shorewall 1.2.12

Hi everyone, I have a question regarding the default gateway for hosts on DMZ zone. I moved servers from parallel to the DMZ (outside the firewall, directly connected to I-net) to inside DMZ. The default gw for these servers was the DSL router(bridge) of my ISP. What should be the default gw (for the hosts inside the DMZ), when hosts are inside the DMZ now - still the DSL router (external

Dear All, Firstly, thank you very much - shorewall is great. I''m not a member of this list, and please forgive me if I am suggesting something stupid, but the following occurs to me, and I thought it might be useful. Why no make it possible to specify zones as well as interfaces in the /etc/shorewall/masq file ? Eg: instead of: eth0 eth1 one might write: net loc (or masq in

I have four-interface Shorewall config set up. The "dmz" interface is bridged with "net" so I can assign public IP''s to the servers in the DMZ. I opted to do this rather than SNAT or ARP proxying because one of the servers runs Asterisk and SIP and NAT don''t always work well together. Somehow, my firewall config is causing a one-way audio problem in

hello before asking my question I come My name is Santiago and I''m from Spain but I''m in Colombia I followed this guide: https://www.doas.montanalinux.org/proxmox-ve-with-shorewall.html but when I run shorewall check, this error occurs: Checking... Initializing... Determining Zones... IPv4 Zones: net loc Firewall Zone: fw Validating interfaces file... ERROR: Invalid

Hi, I have a 3 interface FW like this: http://shorewall.greshko.com/GSLUG_files/slide0008_image004.png where I use PROXYARP to give the servers in DMZ an IP from our public IP range. A bit like this: http://shorewall.greshko.com/GSLUG_files/slide0042_image026.png proxyarp: xxx.23.52.145 eth1 eth0 - yes xxx.23.52.146 eth1 eth0 - yes xxx.23.52.147 eth1 eth0 - yes xxx.23.52.148 eth1 eth0 - yes

Hi All, >From the documentation I have read on Shorewall, the preferred approach seems to be, to use Proxy ARP instead of Static NAT for hosting web servers in the DMZ Zone. But I have also read that this could cause problems for VPN configurations. I essentially have multiple public IP''s, which I want to map to private addresses in the DMZ. I also intend to setup a gateway between 2

hi list, oh it''s not really a problem. Each time i fire shorewall, i run a custom iptables script: (for the openvpn machines to have route back from my bridge/fw - $SOURCEIP is the ip of my OpenVPN/Fw/bridge) iptables -A POSTROUTING -t nat -s 10.8.0.0/16 -j SNAT --to-source $SOURCEIP i wish to better integrate it within shorewall, so is there any config files that could achieve the

Hi All, I''m using shorewall on my laptop(2 NIC) to connect my desktop to the Internal LAN. For some reason, MS''s SQL query analyser is not able to connect to the SQL server. I alway get the "Server does not exist" I even tried to connect to it using IP address rather than netbios name and it still doesn''t work. All of the access is fine. (eg: WEB/ping etc)

Hi I wonder if you can help... I have setup shorewall(2.2.3) under debian on a machine that has 4 network ports... the idea is that there is 1 WAN port, 1 DMZ port, and 2 LAN ports, 1 LAN port has static NAT setup for selected incoming connection from trusted sources, and the second LAN port I am trying to setup using masq NAT as it only requires outgoing connections, no incoming. the static NAT

Hi ! I have setup a complete shorewall now with DMZ, and Private zones and masq, rules, port-forwarding etc. worx like expected. BUT I have a wish to use a couple of more public IP''s and relate those to inernal servers on the DMZ zone and i am now so confused about it. I have searched this archive for SNAT port allow Setup: 3 public adresses on the WAN nic. lets call them 80.80.80.80 -

I am using debian sarge. I want to block all incoming requests except DNS (port 53) and allow all outgoing traffic. I did a apt-get shorewall. When I start shorewall, I cannot even ping to any external site. I am a newbie and difficult to follow the online guide. Can anyone please help me. Thanks !

The 3.1 Beta is now available -- check the Shorewall home page. -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \ teastep@shorewall.net

Hi! I''ve been searching the net for information about this topic, but I can''t find anything relevant to my problem or I don''t understand the answer completely. Please enlighten me... :-) I''m trying to replace a Cisco PIX firewall with a Linux Shorewall box. Today the users behind the Cisco FW is on a NAT-network and in the same network there are a couple of

I anticipate that this will be the last RC unless problems are discovered. Changes since RC2 include: * The default route is now ignored when Shorewall is detecting masqueraded networks. A warning message is issued if the default route goes through the source interface (normally, the destination interface is the firewall''s external interface and therefore, the default route would go

shorewall-docs-html-1.4.10a is missing following files: Banner.htm Shorewall_index_frame.htm seattle_firewall_index.htm Or there should be different index.htm in tar. There might be other missing files but that''s what I found out immidiately when I tried to check local docs. -- Tuomo Soini <tis@foobar.fi> Linux and network services +358 40 5240030 Foobar Oy

I am trying to add a machine into my dmz. It is the first machine I''ve ever added to this dmz and fro some reason I cannot establish communication between the dmz and the machine. Here is an example of my setup: ISP router --> firewall (eth0) firewall (eth1) --> local network firewall (eth2) --> DMZ eth0 and eth2 have public IP addresses as does the machine I just added to

Hi Guys, I have been trying to configure shorewall 1) Internet Access to internal users 2) Have a DMZ that will house atleast 6 mail / web / ftp servers that will server our existing group companies outside our physical location. 3) Setup openvpn between our location and our group companies . What i have done so far is : - Created the 3 zones with the IP ranges as below. DMZ:172.16.10.x

Hello list, I am in the process of switching from IPCOP to Shorewall s the firewall for our small office. I very much like the fact that Shorewall runs on top of the same OS (openSuSE 11.4) that I run on the server and my desktop. Our setup is fairly straightforward. We have 8 static ip addresses from our ISP, which provides a cable modem and a Cisco 800 series router. The ip addresses are

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The original post was over 300,000kb so I didn''t spam the list with it -TE. | | | Thank you for your quick and helpful response. | | I didn''t understand that the virtual interface eth0:1 doesn''t count as a separate instance from eth0. | I am sorry to ask for further assistance and would appreciate any help. The error

Is the Shorewall.net down ? Regardless of page I get a "connection refused" - Bill