similar to: Shorewall DMZ - Proxy ARP or Static NAT

Hi, I have this case: My Shorewall is a internet gateway: (fw) eth0 -> 200.209.100.0/30 (loc) eth1 -> 192.168.0.0/24 (dmz) eth2 -> 200.209.100.8/30 In the DMZ, I have another linux, with a web server too. eth0 -> 200.209.100.10/30 - running Apache at port 1700 eth1 -> 192.168.0.0/24 My problem is: I need to make a NAT, from my local

Hi all! I''ve set up a Linux box with shorewall doing proxy arp as per http://www.shorewall.net/shorewall_setup_guide.htm#ProxyARP the 5.2 (non routed) example. Everything is working great except for one thing, and that leads me to my question: is there a conflict between proxy arp and pptp? I''ve set the apropriate ACCEPT rules to allow tcp port 1723 and protocol 47 to the host

Hi all! I posted earlier about the proxy arp configuration = http://shorewall.sourceforge.net/shorewall_setup_guide.htm#NonRouted, = and was probably not sufficiently knowledgeable on the subject. I''ve = gone through a bunch of documents on proxy arp, subnetting with proxy = arp and the documentation at shorewall, and have come up with a setup = that would be perfect for the job at hand

Hi everyone, I have a question regarding the default gateway for hosts on DMZ zone. I moved servers from parallel to the DMZ (outside the firewall, directly connected to I-net) to inside DMZ. The default gw for these servers was the DSL router(bridge) of my ISP. What should be the default gw (for the hosts inside the DMZ), when hosts are inside the DMZ now - still the DSL router (external

Hello all, Name is Andrew and in desperate need of some info. Setup: - Mandrake 9.1 with three interfaces (eth0 --> WAN) C-class /28 network (with tree virtual addresses which I am DNAT-ing to the DMZ) (eth1 --> LAN) A-class 10.0.0.0/8 (eth2 --> DMZ) A-class subnet 10.1.123.0/24 - Running stock Shorewall ver: shorewall-1.3.14-3.1.91mdk Dilemma: - LAN can not access the DMZ zone

hello there, im running a 3interface inet, dmz, loc. i have some public ip addresses. one public address is the router of the provider, the second one is the linux box running shorewall. all other public interfaces are on the dmz nic with proxy-arp. now whenever i do a traceroute (the dmz boxes are windows, icmp traceroute) the very first hop gets timeout/stars, then the router of the provider

Hi, in a three interface firewall I have eth0, loc, 10.1.5.1/16 eth1, int, 200.41.61.228/29 eth2, dmz, 192.168.1.1/24 (un)fortunately I got a group of public ip?s to use, so here is my problem in the dmz I have 192.168.1.3 redirected from eth1 alias 200.41.61.226 (a web server, works perfect). I am trying to set up a mail server also, a different machine, so I can?t use proxyarp, as with this,

Hello, I have been running Shorewall for quite some time at an ISP client of mine to protect his LAN. We have just upgraded to 2.2.4 and he now wants to put his servers in a DMZ. The servers have public IPs in two classes xxx.xxx.79.0 and xxx.xxx.242.0. The public IP on the router for each class is xxx.xxx.79.126 and xxx.xxx.242.126. I am using masq and 192.168.1.0 on eth0 LAN I have tried

Hello Tom, I seem to be missing the big picture here.. can you shed some light? I have a three interface setup loc,dmz, net I have 4 global addresses that I want to attach to eth0 (net) address 1 - fw address address 2- I want to forward to a (loc)router that uses dynamic dns vpn (gre) (Yamaha router) address 3 - web server/Bind9 (dmz)forward port 80,443,53 address 4 - mail server (dmz)pop3,

On the firewall, what is the rationale for giving eth1 an IP address that is also assigned eto eth0? (Rather than a private one.) -- Taso Hatzi caesar 17 <<-salad cjbx jc vdwwjar jc xi jc jd salad

To rephrase the question, "Can I use masquerading and proxy ARP in the same zone simultaneously?" It''s not a stupid question--I couldn''t see any reason why it wouldn''t work, but I had actually try it out to convince myself that it did (which isn''t a bad thing to do before posting the question to the list, by the way). In any case, the answer is

Hi, On my network, I use real IP numbers for all of my hosts. They all get nat''d at the gateway. I use real IPs because sometimes someone needs to connect directly to a host behind the firewall. With my old firewall, I had a trusted-hosts file with trusted host IP numbers in it. My hosts talking to external trusted hosts would not have their IPs nat''d instead they were

Hopefully this is an easy question.... I''m using a leaf router (bearing) running shorewall. Three interfaces net, loc, and dmz. Only one computer in the dmz and its being proxy arp''d. External and internal (net and loc) can reach the dmz but the dmz cannot reach the isp''s gateway and beyond, but can reach a system adjacent to the firewall.

I am a Professor of Statistics at Indira Gandhi Krishi Vishwavidyalaya, Raipur, India. While teaching in class about analysis of variance using R, I was doing a one-way analysis for the two data-sets given below in the R-class. I got a typical error in "emmeans" package, please help: Data-set-1: -------------- Medley and Clements (1998) investigated the impact of zinc contamination (and

On 07/01/18 02:19, Akhilesh Singh wrote: > I am a Professor of Statistics at Indira Gandhi Krishi Vishwavidyalaya, > Raipur, India. While teaching in class about analysis of variance using R, > I was doing a one-way analysis for the two data-sets given below in the > R-class. I got a typical error in "emmeans" package, please help: > > Data-set-1: > --------------

I noticed the long standing Ipsec FSwan problem was fixed. But do you still have to make sure Ipec is not running when shorewall starts Reason I ask Is I could not get my Dmz working with Ipsec in the equation. Thanks Mike

In a previous thread, Tom listed advantages (reproduced below) of Proxy ARP over NAT. They are great reasons, but I have one reservation. By using private addresses with NAT for servers in my DMZ, I can granularly allow specific traffic, such as to/from the SMTP gateway/relay in the DMZ, to connect inbound from the DMZ to an internal (LOC) mail server, and know that it comes only from a

Thanks for your kind reply. Problem is solved. However, it's "confidence interval / treatment comparison plot" is not taking main title. And the fonts of axes labels can not be changed using 'cex' parameter. I will appreciate if you could help in this matter too. Dr. A. K. Singh On 09-Jan-2018 8:18 PM, "Sal Mangiafico" <salvatore.s.mangiafico at gmail.com>

Hi ! I have setup a complete shorewall now with DMZ, and Private zones and masq, rules, port-forwarding etc. worx like expected. BUT I have a wish to use a couple of more public IP''s and relate those to inernal servers on the DMZ zone and i am now so confused about it. I have searched this archive for SNAT port allow Setup: 3 public adresses on the WAN nic. lets call them 80.80.80.80 -

I have been trying to figure out why my domU NIC becomes unreachable (could not even ping) at various times. (Normally when the server was trying to update clamav from the various busy mirrors at 4am). There also seemed to be some latency when connecting which I chalked up to it being a virtual machine. When I checked my logs, I found thousands of : Nov 17 04:07:52 nomad kernel: Neighbour