Displaying 20 results from an estimated 4000 matches similar to: "Shorewall with ProxyARP"
2003 Feb 25
0
Shorewall Setup.
Hello Tom and others on the list.
Tom - you might recall that the other day (night) I had problems with my
axip setup (protocol 93) and we made some changes to the policy, zones and
interfaces files. You added ''peers and tunl+''
Following that change nothing seemed to work. In fact you wanted to see
the shorewall status file, among other things.
Well - tonight, I carefully put
2005 Apr 08
10
ProxyARP in a Routed environment
Hi,
In a routed network setup , is it possible to use ProxyARP given the condition that the shorewall
external interface and the DMZ interface are in a completely different network . That means the gateway of the External interface and the hosts in ProxyARPed DMZ zones are in different network.
eth0 ---in 220.227.X.Y/30 -- shorewall external interface
eth1 ---in 220.227.A.B/27 -- shorewall
2005 Feb 28
1
Mail server on DMZ
Hello,
I have this problem: when my mail server on the DMZ starts a connection to
the internet it''s ip (213.58.230.26) is "masqueraded" with the firewall ip
(213.58.230.50). I wouldn''t mind but there is a one customer who rejects the
connection because it makes reverse dns and finds no dns entry for the
firewall ip.
How can i correct this?
Thanks,
MSantos
shorewall
2005 Mar 07
10
DNS Name problem with mail server on LAN
Hi,
I have a big "name problem" with my internal mail server (10.0.0.152).
It is "seen" on the internet through DNAT (213.58.230.27). Also there is a
MX record pointing to the machine. Everything works fine from the outside.
However i can''t set the mail clients on the lan pointing to the mx record,
because this one points to 213.58.230.27 and the firewall
2003 Feb 27
3
Unknown commments in shorewall status.
I wonder if someone can tell me what these ''unknown'' remarks mean in my
status file. They are only in the last portion of the file and are listed
below. If they mean nothing, I will rest easy. But if not it means
I need to fix something. Your thoughts would be appreciated.
----------------
udp 17 92 src=24.224.173.220 dst=24.222.0.75 sport=1027 dport=53
src=24.222.0.75
2005 Apr 07
4
Shorewall in a Routed network
Hi,
In a routed network environment, without the router , we want to use the shorewall as the firewall/router. The ISP has assigned the following set of IP addresses.
WAN IP for subnet 1 (DATA)
220.227.202.X/30 ( to be assigned to eth0 of the shorewall)
WAN IP for subnet 2 (Voice)
220.227.202.Y/30 ( to be assigned to eth1 of the shorewall)
Addresses assigned for Subnet 1 by
2003 Aug 26
1
ADSL router, two nics, web server not visible from internet
I have an ADSL router, a linux box with two NICS connected to the
router and another PC connected to the router.
I installed shorewall using the two interface method.
I can ping and see the webserver on the linux box from the local
network, but not from the internet.
Sys info as follows:
[root@wilma root]# shorewall version
1.4.6b
[root@wilma root]# ip addr show
1: lo: <LOOPBACK,UP> mtu
2005 Jun 27
5
Bridging problem with Shorewall and OpenVpn
Hello All,
I am trying to implement OpenVPN on Fedora core Linux 3 with the latest
pathces
installed. This server is used only as firewall/internet gateway/proxy/VPN
server, with kernel 2.6.1-1.27.FC3 and kernel 2.6.1-1.27.FC3 SMP
It has two NIC''s eth0 (10.0.0.150) connected to ADSL, eth1 (192.168.3.12)
connected to the local network.
I use shorewall 2.4 on this machine.
I like to test
2005 Jan 08
8
Shorewall problem, perhaps with PPPoE
I have what strikes me as an odd problem with shorewall.
Let me describe my setup.
My desktop (alfred) is connected to the network
through an ADSL modem.
I am running rp-pppoe, and this works perfectly.
I have a small home network, with two LANs;
an Ethernet LAN (including a machine running Windows XP),
and a WiFi LAN, including the laptop (william) I am using now.
All the computers except for
2004 Apr 19
2
two WANs one LAN
Hello list,
I want a set-up with a satellite link (eth0) and a cellular cdma
link (ppp0) coming into a linux box with a LAN (eth1 or wlan0)
to be able to route first through the satellite when it''s on, or
else the cdma when it''s in range. Load sharing is not critical,
but it would be nice. The satellite has a static IP, the cdma
is dynamic. Both WANs are
2003 Mar 25
7
DNAT not working after changing BIND to use views
Hello all:
I''ve got a confusing issue. I had a working shorewall configuration
(based on the two interface model) using DNAT for redirection to my HTTP
server. The HTTP server is on my inside network (I know - bad juju, but
one thing at a time). I changed my configuration this morning to use
views in my BIND (named) configuration. Everyone outside the firewall
is able to get in
2005 Apr 10
1
FW: ProxyARP in a Routed environment
Tom,
Is not this query worth answering?
-Siva
-----Original Message-----
From: Sivamurugu K. Pillai
Sent: Friday, April 08, 2005 3:14 PM
To: ''Mailing List for Shorewall Users''
Subject: ProxyARP in a Routed environment
Hi,
In a routed network setup , is it possible to use ProxyARP given the condition that the shorewall
external interface and the DMZ interface are in a
2003 Nov 05
0
Bug? wildcard interfaces not accepted in fwd chain
Hi,
[Summary]
There seems to be a bug when using the "+" wildcard notation in the
interfaces file, in that rules are not generated in the fwd chain to
permit traffic going out an interface with a "+" in it.
[Details]
The interface entries:
loc tun0 detect routeback,newnotsyn
loc tun1 detect routeback,newnotsyn
loc tun2
2003 Mar 28
9
Squid
I''m attempting to setup Squid as shown on:
http://shorewall.sourceforge.net/Shorewall_Squid_Usage.html#DMZ
The firewall is a Bering 1.0 firewall running Shorewall 1.3.11, Red Hat
7.2 on the server in the DMZ. I''m not seeing the requests come in to the
server using tcpdump. The server is 192.168.2.1 connecting to eth2 on the
firewall, the local traffic I''m trying to
2004 Sep 21
1
squid on DMZ using proxyarp
sorry, i''m confuse where to post my problem..
i was post to shorewall-users, but must read to
support.html
this''s my problem
-----------
i have squid running on DMZ zone
and my network using ProxyARP on eth1 and eth2
mylinuxbox slackware 9.2
my network can access to internet normal, but can''t
redirect to squid server from firewall.
sometimes my network can connect
2005 Jan 11
1
Squid and DMZ (ProxyARP)
Hello All,
I have a question about setting up the shorewall firewall for squid, I
followed the instructions on "Using Shorewall with Squid" --> "Squid Running
in the DMZ" section. For some reason I am unable to get the program to work.
I am able to have the squid work properly by using squidclient program, but
once I setup the firewall to use the redirect I am unable to
2005 Oct 06
1
HTB problem running on VLAN, not working
Hello.
I''m running linux box with Slackware 9.1 and compiled kernel 2.4.31 with "yes" to VLANs and "yes" to all QoS.
On this box i have more ethernet interfaces:
eth0
eth1
eth2
and so as more vlan interfaces:
eth0.100
eth1.3
eth1.4
This is entrace(uplink) router to our whole network and my goal is to shape users on this machine.
I want for this purpose use HTB so
2004 Aug 27
3
Proxy Arp Ip Conflicts
I must have something configured wrong somewhere. I''ve enabled proxy-arp on my
shorewall 2.0.7 firewall. Works fine for what its supposed to do, I can see
all the machines through it great. However, whenever its enabled, the network
on the DMZ goes screwy. I''ve narrowed it down to this:
when proxy arp is enabled for that interface, like such:
echo 1 >
2003 Feb 26
0
Re: Exchange Server in DMZ (i-hacked.com)
Hiya,
My two cents here .. I use a locked down Linux Sendmail relay (use sendmail
null-client feature on any spare old server or PC) in my DMZ to relay Mail
to the exchange server in my local zone. Its sort of the moat you have to
cross over to get at the castle walls and the hot oil dumped on your head
approach.
Francesca C. Smith
Lady Linux Internet Services
1801 Bolton Street # 1
Baltimore,
2003 Apr 15
8
repost (passive FTP server in DMZ and shorewall 1.4.2)
I apologize for the first message. :)
---------------------------------------
I have an FTP server running in the DMZ section of my home network. It uses port 23000 for connection and ports 19990 to 19994 for data transfer.
I have setup the following rule for outside people to connect to it:
DNAT net dmz:192.168.2.2 tcp 23000
I''m at work right now and I can''t use