similar to: Re: Bridging firewall...

The bridging documentation (http://shorewall.net/2.0/bridge.html) has been expanded and there is a refresh of the bridging code (ftp://shorewall.net/pub/shorewall/Bridging and http://shorewall.net/pub/shorewall/Bridging). -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net

http://shorewall.net/pub/shorewall/Alpha/shorewall-2.0.0 ftp://shorewall.net/pub/shorewall/Alpha/shorewall-2.0.0 -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net

Hmm--either the indexing process is still running, or it''s broken again. It''s 0443 GMT, and I can''t get the search engine to find anything on the mailing list or the web site (I used ''dns'' as my search term). It''s not that big of an inconvenience, though--Googling for ''site:shorewall.net dns'' does pretty much the same thing.

The Shorewall support page advocates including the output of "shorewall status" with problem reports that involve some sort of connection problem. I suspect that the number of people who feel comfortable analyzing problems through use this output is small. To help, I''ve created http://shorewall.net/AnalyzingShorewallStatus.html I suspect that the document isn''t

Hi Folks, Can i transform my firewall into a bridge (Mean Nic to Nic), in the ethernet level (Not protocal, Ip''s etc) and also use shorewall ? Than make a Layer 2 Switch with netfilter rules to all Ip''s in my network ? I have 4 whole real classes and want to protect the people inside. With proxyarp works but sometimes fail (People loose connection etc) Just with switchs and my

I have a senario I hope one can help me out with... I have a range of Public IP Address 203,xxx.59.106-114 I have 4 internet servers that need to communicate to internal servers/clients 172.16.x.x/24 using port 80. These are Windows2000 servers (no software firewall solution) I have a 2nic shorewall device at present and ,as you know, I can only NAT 80 to one internal server. My immiediate

Anyone ?|Another try and now with the info asked 4. |nl1cat wrote: | Hello.. | I have a somewhat "funny" setup. | I use the dosemulator Dosemu for running a dos based packetradio nodeprogram | called Xrouter. | I setup dosemu to use my eth1 (lan) nic and i bring up a device called dsn0. | (this is all running on Slackware 9.1 without X) | insmod /etc/dosemu/dosnet.o | sleep 2 | ifconfig

Hi- One last question for the week, I promise. I''ve got one IP ProxyArp''d according to the instructions at http://www.shorewall.net/ProxyARP.htm. I''ve setup the shorewall/proxyarp file as follows: #ADDRESS INTERFACE EXTERNAL HAVEROUTE PERSISTENT 208.4.145.73 br0 eth1 no yes #LAST LINE -- ADD YOUR ENTRIES

I have previously set up an openvpn LAN to LAN bridging VPN so I know a little about what has to happen. The gateways on either ends were running older version of shorewall that did not support openvpn directly so I just basically opened ports for it and used bridging with tap interfaces. I am no longer using that vpn link to the other house but now that i''ve upgraded I would like

I''m not subscribed to the users list but I''ve been reading the archives. The OP should NOT try using bridging with either FC 3 or FC 4 at this time because the combination of Netfilter and bridging is currently broken in the kernel''s included with those distros (as reported in another thread on the list). -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently

Joshua Schmidlkofer wrote: > Tom Eastep wrote: > >> Joshua Schmidlkofer wrote: >> >>> Tom, >>> >>> Here is the setup method w/ Bridging on Gentoo. >>> >> >> Thanks, Joshua >> >> -Tom > > > Off topic - Has anyone cooked up a good web front end? I am messing w/ > IPCop, because one of my clients uses it.

Hello Shorewall gurus, I have a dilemma with a public server. I want to migrate the current public server over to a new machine behind the current server''s firewall (shorewall 1.4). I have included a diagram below to help explain the target network I am working toward. I have read the shorewall online documentation and though I have used Shorewall the past 4 years in the current

Hi everybody. I''m trying to configure shorewall folowing this manual: http://www.montanalinux.org/proxmox-ve-with-shorewall.html But with shorewall check it tells me thah: Checking /etc/shorewall/interfaces... ERROR: Unknown zone (dmz) : /etc/shorewall/interfaces (line 16) How can I define it in the zone file? thanks for the help. best regards, Santiago.

Hi, In a routed network environment, without the router , we want to use the shorewall as the firewall/router. The ISP has assigned the following set of IP addresses. WAN IP for subnet 1 (DATA) 220.227.202.X/30 ( to be assigned to eth0 of the shorewall) WAN IP for subnet 2 (Voice) 220.227.202.Y/30 ( to be assigned to eth1 of the shorewall) Addresses assigned for Subnet 1 by

Hi, New here... I would like to setup shorewall on a dedicated box protecting a mutiple web, mail and dns server in the datacenter. All the ip address will be public ip (No LAN setup). I would also like to do traffic shaping and install Snort as well in the same box. Can Shorewall do all this? Is there any docs on that? Do i need to configure Shorewall as a bridging firewall in order to do

Hello all, Name is Andrew and in desperate need of some info. Setup: - Mandrake 9.1 with three interfaces (eth0 --> WAN) C-class /28 network (with tree virtual addresses which I am DNAT-ing to the DMZ) (eth1 --> LAN) A-class 10.0.0.0/8 (eth2 --> DMZ) A-class subnet 10.1.123.0/24 - Running stock Shorewall ver: shorewall-1.3.14-3.1.91mdk Dilemma: - LAN can not access the DMZ zone

Is anyone using user sets? I''m considering dropping support for them in 2.0 in favor of just listing individual user/groups in the rules file. Thanks, -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net

Hi, In a routed network setup , is it possible to use ProxyARP given the condition that the shorewall external interface and the DMZ interface are in a completely different network . That means the gateway of the External interface and the hosts in ProxyARPed DMZ zones are in different network. eth0 ---in 220.227.X.Y/30 -- shorewall external interface eth1 ---in 220.227.A.B/27 -- shorewall

Hi all! I posted earlier about the proxy arp configuration = http://shorewall.sourceforge.net/shorewall_setup_guide.htm#NonRouted, = and was probably not sufficiently knowledgeable on the subject. I''ve = gone through a bunch of documents on proxy arp, subnetting with proxy = arp and the documentation at shorewall, and have come up with a setup = that would be perfect for the job at hand

I have some hosts in a DMZ zone with proxyarp. In my local zone I have a host to which I DNAT. I have discovered that I can reach the host in the local zone by attempting to connect to the fw (As expected) or ANY proxyarped host in my dmz zone (as not expected). Is this normal ? (I''ve just discovered that actually the dnated host answers to requests sent to any IP routed to my host!)