similar to: routing thru shorewall

Hi, I have a few questions. My goal is to run NIS and samba so I have a central point of passwd control and just one place to change passwords. I will eventually have 5 samba servers so this is quite important to me as I don't want to have to change passwords and setup passwords on 5 servers when changing or adding new users. Can this be done? So that if a user changes his password for

Hi, madly looking for an answer to this but haven't found it in the smb.conf man pages yet... I'm using samba for my print server. I use printing = cups with samba. Currently it looks like all print jobs are being retained in /var/spool/samba and it has just filled my var fs :-( and no one can print. I can't seem to find any parameters associated with pruning the jobs, or how long

I have been using shorewall and freeswan successfully for 3 or more years now. But they have all been using the Linux 2.4 kernel. My current configuration is (as the title suggests) using SuSE 9.1 which has a 2.6.5 kernel and freeswan 2.0.4 built-in. After much reading and a lot of trial and error, I did get this combination to work with Shorewall 2.0.9. It is happily talking to an older Mandrake

Hi everyone, I have a question regarding the default gateway for hosts on DMZ zone. I moved servers from parallel to the DMZ (outside the firewall, directly connected to I-net) to inside DMZ. The default gw for these servers was the DSL router(bridge) of my ISP. What should be the default gw (for the hosts inside the DMZ), when hosts are inside the DMZ now - still the DSL router (external

Hello, I seem to have the Freeswan IPSEC tunnel working between my two sites, but I am still having a problem that looks to be because of something I have configured wrong in my shorewall setup.. I have a LEAF Oxygen < 1.9 heavily modifed firewall setup.. Using FreeSwan 1.91, and Kernel 2.4.8. Modified to use IPTables and standard Debian network/interfaces. I am also using Shorewall

Hi. I am trying to force some traffic that goes to address 203.7.93.94 through a VPN tunnel. I use freeswan 1.98b and Shorewall 1.4.6c in one machine. The 203.7.93.94 is in the DMZ on the other end. (Both ends use the same shorewall and freeswan). I have successfully set up a tunnel between the two network (using a point to point topology, not hub). I added a static routing that redirect

Hello all, Name is Andrew and in desperate need of some info. Setup: - Mandrake 9.1 with three interfaces (eth0 --> WAN) C-class /28 network (with tree virtual addresses which I am DNAT-ing to the DMZ) (eth1 --> LAN) A-class 10.0.0.0/8 (eth2 --> DMZ) A-class subnet 10.1.123.0/24 - Running stock Shorewall ver: shorewall-1.3.14-3.1.91mdk Dilemma: - LAN can not access the DMZ zone

Hi all! I''ve set up a Linux box with shorewall doing proxy arp as per http://www.shorewall.net/shorewall_setup_guide.htm#ProxyARP the 5.2 (non routed) example. Everything is working great except for one thing, and that leads me to my question: is there a conflict between proxy arp and pptp? I''ve set the apropriate ACCEPT rules to allow tcp port 1723 and protocol 47 to the host

Hi all! I posted earlier about the proxy arp configuration = http://shorewall.sourceforge.net/shorewall_setup_guide.htm#NonRouted, = and was probably not sufficiently knowledgeable on the subject. I''ve = gone through a bunch of documents on proxy arp, subnetting with proxy = arp and the documentation at shorewall, and have come up with a setup = that would be perfect for the job at hand

We had a running ipsec shorewall system to all of our remote offices. We added a dmz to the firewall and implemented proxy arp for that dmz. We have checked everything two or three times and cannot figure out why the vpns will no longer come up. We are using shorewall version 2.2.3 from the debian stable sarge distribution. We noticed the errata that for 2.0.0 there was a problem with proxy

Hi ! I have setup a complete shorewall now with DMZ, and Private zones and masq, rules, port-forwarding etc. worx like expected. BUT I have a wish to use a couple of more public IP''s and relate those to inernal servers on the DMZ zone and i am now so confused about it. I have searched this archive for SNAT port allow Setup: 3 public adresses on the WAN nic. lets call them 80.80.80.80 -

Hi, in a three interface firewall I have eth0, loc, 10.1.5.1/16 eth1, int, 200.41.61.228/29 eth2, dmz, 192.168.1.1/24 (un)fortunately I got a group of public ip?s to use, so here is my problem in the dmz I have 192.168.1.3 redirected from eth1 alias 200.41.61.226 (a web server, works perfect). I am trying to set up a mail server also, a different machine, so I can?t use proxyarp, as with this,

On the firewall, what is the rationale for giving eth1 an IP address that is also assigned eto eth0? (Rather than a private one.) -- Taso Hatzi caesar 17 <<-salad cjbx jc vdwwjar jc xi jc jd salad

Tuomo Soini wrote: > You don''t happen to read shorewall-devel mailinglist ? I read it -- I just didn''t know what to make of your post and it arrived while I was on vacation. What exactly are you trying to accomplish that Shorewall isn''t doing for you now? e.g. /etc/shorewall/zones rw Roadwarriors Road Warriors /etc/shorewall/interfraces rw ipsec+

Hi All, >From the documentation I have read on Shorewall, the preferred approach seems to be, to use Proxy ARP instead of Static NAT for hosting web servers in the DMZ Zone. But I have also read that this could cause problems for VPN configurations. I essentially have multiple public IP''s, which I want to map to private addresses in the DMZ. I also intend to setup a gateway between 2

I have been studying Tom''s configuration at: http://www.shorewall.net/myfiles.htm -and- http://www.shorewall.net/NAT.htm I am using SBC as an ISP and also have 5 "real" IP addresses and because of other issues, have to re-do my set-up. If I have a block at .120/29 assigned to me, what SBC does is give you 5 usable addresses, in my case .121 is the SBC modem/router and

I am new to Shorewall and FreeSwan, please excuse my ignorance I was wondering if someone could help me. I had help getting my FreeSwan running with the following iptables commands: iptables -I FORWARD -s 0/0 -d 192.168.1.0/24 -i ipsec0 -o eth1 -j ACCEPT iptables -I FORWARD -s 192.168.1.0/24 -d 0/0 -i eth1 -o ipsec0 -j ACCEPT If I manually run this FreeSwan works, however I am not sure

Hi all! I have got a vpn connection set up using FreeSwan and shorewall. Everything works fine but I want to add another subnet to the whole. This means that 1 box will get two net-to-net connections. I want to limit the services on one subnet however. Cuurently I have defined a vpn zone for the current connection and allow all vpn<->loc traffic. How would I go about in tightening the

Hi, I have this case: My Shorewall is a internet gateway: (fw) eth0 -> 200.209.100.0/30 (loc) eth1 -> 192.168.0.0/24 (dmz) eth2 -> 200.209.100.8/30 In the DMZ, I have another linux, with a web server too. eth0 -> 200.209.100.10/30 - running Apache at port 1700 eth1 -> 192.168.0.0/24 My problem is: I need to make a NAT, from my local

Dear, All I have 4 ip public in my router 1. For Connection to gateway 2. For gateway Wireless Lan (with ip public) 3. For DMZ 4. For Downtream ISP ------------------History I have two way for connection Internet 1 by Leased Line 128 Up/Down and 256 Down With DVB and i have client with wireless Network. I need Client wireless network can use DVB Network for connection with port 80. What can i