Displaying 20 results from an estimated 9000 matches similar to: "Rearranging the furniture...."
2004 Jan 26
6
Usersets
Is anyone using user sets? I''m considering dropping support for them in 2.0 in
favor of just listing individual user/groups in the rules file.
Thanks,
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
2012 Apr 16
6
problems with shorewall proxyarp
Hi everybody.
I''m trying to configure shorewall folowing this manual:
http://www.montanalinux.org/proxmox-ve-with-shorewall.html
But with shorewall check it tells me thah:
Checking /etc/shorewall/interfaces...
ERROR: Unknown zone (dmz) : /etc/shorewall/interfaces (line 16)
How can I define it in the zone file?
thanks for the help.
best regards,
Santiago.
2002 Nov 20
8
Proxy ARP
Hi all!
I posted earlier about the proxy arp configuration =
http://shorewall.sourceforge.net/shorewall_setup_guide.htm#NonRouted, =
and was probably not sufficiently knowledgeable on the subject. I''ve =
gone through a bunch of documents on proxy arp, subnetting with proxy =
arp and the documentation at shorewall, and have come up with a setup =
that would be perfect for the job at hand
2004 Aug 22
6
LAN to DMZ zone issues.
Hello all,
Name is Andrew and in desperate need of some info.
Setup:
- Mandrake 9.1 with three interfaces
(eth0 --> WAN) C-class /28 network (with tree virtual addresses which I
am DNAT-ing to the DMZ)
(eth1 --> LAN) A-class 10.0.0.0/8
(eth2 --> DMZ) A-class subnet 10.1.123.0/24
- Running stock Shorewall ver: shorewall-1.3.14-3.1.91mdk
Dilemma:
- LAN can not access the DMZ zone
2005 Feb 11
4
config question for proxyarp hosts?
I''ve got a serious mess of NAT on our firewall/router systems at the
corporate office which seems to do nothing other than confuse the heck
out of people. What I''d like to do is gradually migrate the hosts on
the various DMZ networks away from private IP addresses and NAT over to
public IP addresses and proxyarp.
What I''m wondering, before I start this, is how do I
2003 Oct 19
2
Reg. Proxyarp & DHCP
My ISP has DHCP-assigned IP-addresses.
I wonder if someone has tried using proxyarp
for a DMZ with DHCP-assigned public IP?
2005 Apr 08
10
ProxyARP in a Routed environment
Hi,
In a routed network setup , is it possible to use ProxyARP given the condition that the shorewall
external interface and the DMZ interface are in a completely different network . That means the gateway of the External interface and the hosts in ProxyARPed DMZ zones are in different network.
eth0 ---in 220.227.X.Y/30 -- shorewall external interface
eth1 ---in 220.227.A.B/27 -- shorewall
2010 May 04
7
Packet Not 100% Received
I have problem with my shorewall. We are now doing some stress test with a http application behind the shorewall. Firstly we send 10.000 requests to a http based application with no firewall. It can received 100% requests. But when we put shorewall in front of it then it stats to loose requests. Is there any packet limitation from shorewall all it''s about conntrack? Thanks for the reply.
2004 Sep 10
1
Is ProxyARP or NAT entries really neccesary for DNAT to work?
I have been trying to get DNAT to work and I actually have succeeded
too, however, not how I thought it would work when reading through the
documentation.
1. No matter what I do I cannot get DNAT to work unless I have an entry
in eiter the nat or the proxyarp file. Is that really how it''s supposed
to be? I can''t find anything about it in the documentation.
2. Also, in the
2004 Oct 09
2
odd problem with proxyarp and DNAT
I have some hosts in a DMZ zone with proxyarp. In my local zone I have a host to which I DNAT.
I have discovered that I can reach the host in the local zone by attempting to connect to the fw (As expected) or ANY proxyarped host in my dmz zone (as not expected). Is this normal ?
(I''ve just discovered that actually the dnated host answers to requests sent to any IP routed to my host!)
2011 Apr 15
1
Proxyarp vs DNAT
Hello list,
I am in the process of switching from IPCOP to Shorewall s the firewall
for our small office. I very much like the fact that Shorewall runs on
top of the same OS (openSuSE 11.4) that I run on the server and my desktop.
Our setup is fairly straightforward. We have 8 static ip addresses from
our ISP, which provides a cable modem and a Cisco 800 series router.
The ip addresses are
2004 Nov 22
10
routed vs non routed
In an effert move my Dmz from a snapqear roouter to Linux with shorewall.
Question is I have network 64.42.53.200/29
which makes default gw 64.42.53.201 network 64.42.53.200 broadcast
64.42.53.207
mask 255.255.255.248 and I want to set up shorewall with eth0 64.42.53.202
eth1 local eth2 dmz where dmz will use say 64.42.53.203 for web and email
server.
Where I do not need or should I say use
2005 Jun 18
8
getting my head around DMZ
Hello,
I have been running Shorewall for quite some time at an ISP client of
mine to protect his LAN. We have just upgraded to 2.2.4 and he now wants
to put his servers in a DMZ.
The servers have public IPs in two classes xxx.xxx.79.0 and
xxx.xxx.242.0. The public IP on the router for each class is
xxx.xxx.79.126 and xxx.xxx.242.126.
I am using masq and 192.168.1.0 on eth0 LAN
I have tried
2004 Dec 07
16
Dmz
Hey Tom,
I have successfully set up to servers on a Dmz practice network woohoo
:).
If I take out the proxyarp option in /etc/shorewall/interfaces
Then Dmz can ping outside ip''s on the net but not and of my servers
on network 66.224.62.96/27 (Other than its own gateway server 66.224.62.120)
The reason I ask is to learn. I thought I would not need the proxyarp
option for this to
2004 Oct 28
5
Maximum ProxyArp
Does anyone know what a good maximum number of machines I should place
in the ProxyArp list?
Thanks
Jamie
2003 Mar 21
1
Shorewall config format
Hi,
I''m a long time shorewall user and I like it very much. There is only
one thing were I''m not always happy with: the config files.
There has been discussion on the list about the comments in the files.
My concern is that I loose overview over my configuration because of the
many config files. Of course there are advantages too but I thinking
wether another config format would
2003 Jan 06
5
SMTP traffic gets blocked
Hi,
I am trying to configure the SMTP service on DMZ host. Added the rule:
ACCEPT wan dmz:66.58.99.84 tcp pop3 -
ACCEPT wan dmz:66.58.99.84 tcp 25 -
ACCEPT dmz:66.58.99.84 wan tcp 25 -
ACCEPT dmz:66.58.99.84 wan tcp pop3 -
issued shorewall clear, shorewall restart, but still couldn''t telnet to
the mail server
2003 Jan 06
1
SMTP problem
Can someone help me with this problem:
My host on the DMZ is inaccessible from the WAN on port 25. I tried to
telnet but getting:
$ telnet 66.58.99.84 25
Trying 66.58.99.84...
telnet: Unable to connect to remote host: No route to host
My shorewall/proxyarp is:
#address interface external haveroute
66.58.99.82 eth1 eth0 No
66.58.99.84 eth1
2005 Apr 12
8
SMTP / DMZ
Hi Guys,
I have been trying to configure shorewall
1) Internet Access to internal users
2) Have a DMZ that will house atleast 6 mail / web / ftp servers that
will server our existing group companies outside our physical location.
3) Setup openvpn between our location and our group companies .
What i have done so far is :
- Created the 3 zones with the IP ranges as below.
DMZ:172.16.10.x
2004 Dec 06
12
Interface Configuration
Hello,
You may recall some of My Dmz question around Thanksgiving.
While I have configured a Proxy arp Dmz. I would like to practice
with the routed setup you suggested Tom as your network was
simular.
Here is one of your quotes "The configuration of eth2 is largely
irrelevant but you certainly don''t
want to confuse things by assigning any default gateway out of that