similar to: Forcing ISP ARP cache to refresh immediately

To rephrase the question, "Can I use masquerading and proxy ARP in the same zone simultaneously?" It''s not a stupid question--I couldn''t see any reason why it wouldn''t work, but I had actually try it out to convince myself that it did (which isn''t a bad thing to do before posting the question to the list, by the way). In any case, the answer is

That log message looks like someone (or some program) is trying to browse to moreover.com from your web server machine--it''s not a reply to an external request. You''d see messages like that if you were running some sort of HTTP proxy server (like Squid) on that box (although they''d likely be to multiple IPs, unless your users only browsed to p.moreover.com). It could

Hi, I am trying to configure the SMTP service on DMZ host. Added the rule: ACCEPT wan dmz:66.58.99.84 tcp pop3 - ACCEPT wan dmz:66.58.99.84 tcp 25 - ACCEPT dmz:66.58.99.84 wan tcp 25 - ACCEPT dmz:66.58.99.84 wan tcp pop3 - issued shorewall clear, shorewall restart, but still couldn''t telnet to the mail server

Hmm--either the indexing process is still running, or it''s broken again. It''s 0443 GMT, and I can''t get the search engine to find anything on the mailing list or the web site (I used ''dns'' as my search term). It''s not that big of an inconvenience, though--Googling for ''site:shorewall.net dns'' does pretty much the same thing.

While I''m in temporary retirement, I''ve decided spend a little time experimenting with new things and making some updates to the web site. The biggest result of this effort to date has been: http://shorewall.sf.net/Shorewall_Squid_Usage.html This outlines how to use Squid as a transparent proxy running on the firewall, in the DMZ or in the local network. In the latter two

Two quick questions to the group: Anyone seen this before: Jan 14 02:55:45 gw1 kernel: Shorewall:all2all:REJECT:IN=eth1 OUT=eth0 SRC=66.58.99.83 DST=170.224.8.51 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=38676 DF PROTO=TCP SPT=1735 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 I mean my web server is trying to replay to some external host 170.224.8.51 (p.moreover.com) for some reason. What could be? It

Anyone, willing to take a lead on this one, since Tom is taking a rest: " I am hosting all servers by myself. I have five static IP addreses with a DSL line. My DSL router from the ISP provider is configured as bridge, so no traffic is filtered. I checked the logs and getting: Jan 5 23:05:12 gw1 kernel: Shorewall:all2all:REJECT:IN= OUT=eth0 SRC=66.58.99.86 DST=216.35.73.164 LEN=68

Thanks Bradley, Yes, it works fine inside the firewall. And otherwise there is no proxy server. Its just the MS Small Business Server behind the firewall. Let me remove port 80 just to see what happens... bk -----Original Message----- From: shorewall-users-bounces@lists.shorewall.net [mailto:shorewall-users-bounces@lists.shorewall.net] On Behalf Of Bradey Honsinger Sent: January 3, 2005

Those are just late DNS replies--port 53 is DNS, and the IP you gave points to a DNS server (ns1.gci.net). "dig -x" is your friend :) The connection tracking table used by iptables to masquerade your internal network will only "hold open" a UDP connection for a certain amount of time; if no traffic flows in either direction, the entry in the connection tracking table will be

Can someone help me with this problem: My host on the DMZ is inaccessible from the WAN on port 25. I tried to telnet but getting: $ telnet 66.58.99.84 25 Trying 66.58.99.84... telnet: Unable to connect to remote host: No route to host My shorewall/proxyarp is: #address interface external haveroute 66.58.99.82 eth1 eth0 No 66.58.99.84 eth1

I am attempting to discern the efficacy of controlling or filtering ARP (gateway/client) to mitigate unauthorized connections to wifi networks. As such, I am aware that EAP was originally devised to allow for: " the negotiation of an authentication protocol for authenticating its peers BEFORE allowing network layer protocols to transmit over the link" (RFC2284) However, this

Group, I am reading about tc (traffic control) and willing to get my feet wet. As requirement, there should be HTB compiled in the kernel. I grabbed a Mandrake 8.2 distro, and didn''t installed the kernel source. Anyone knows if the HTB is compiled in Mandrake 8.2, or point a way to find that out? I tried to read the /usr/src/kernel.xxxxx/.config file, but it doesn''t exists.

Tom Eastep wrote: > On Mon, 2005-01-03 at 15:22 -0800, Boyd Kelly (Coast Systems) wrote: > > Thanks for such a quick reply Tom! > > > > Any suggestions then as to what I might do other than > putting a second > > nic in the SBS and opening it up for web access? I don''t > like the idea, > > but since MS SBS includes fireall that is actually what

Hi, So, the issue is a fairly common one: Network doesn''t work for like a minute or so after a live migration. The setup is a debian wheezy dom0 with xen 4.1.2 running 3.6.11 kernel. The domU is a Ubuntu 12.04 with a 3.2 kernel. The networking setup uses bridges on the dom0. I also made sure that the bridge forwarding delay is set to 0. The VM doesn''t initiate any network

https://bugzilla.netfilter.org/show_bug.cgi?id=1155 Bug ID: 1155 Summary: arp forward filter doesn't work Product: nftables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: normal Priority: P5 Component: kernel Assignee: pablo at netfilter.org

I must have something configured wrong somewhere. I''ve enabled proxy-arp on my shorewall 2.0.7 firewall. Works fine for what its supposed to do, I can see all the machines through it great. However, whenever its enabled, the network on the DMZ goes screwy. I''ve narrowed it down to this: when proxy arp is enabled for that interface, like such: echo 1 >

Hi all, I''m running Xen-3.2 and linux-image-2.6.18 as Dom0 kernel on a VT-x processor. The problem is that broadcast arp who-has packets are not seen in Dom0 kernel. I''ve tried both precompiled debian kernel and compiled latest one from sources as described at http://lists.xensource.com/archives/html/xen-users/2008-01/msg00699.html There is no linux bridge invoked,

Hi, I''ve got a question about how to configure the shorewall, and maybe someone could answer. I have a PC with 3 ethernet. The eth0 connets to internet. The eth1 connects to LAN A, and the eth2 connects to LAN B. I''ve configured the shorewall for doing NAT, and both LANs can navigate, but it seems that from a LAN A host you can connect to a PC of LAN B, and the other way

Here is a puzzle. I have a network with several servers. It''s a mess. It''s a /24 and pieces and servers are all over the place inside this /24 block, on both sides of the firewall. For example, the router at 1.2.3.1 is outside the firewall and many of the servers at 1.2.3.nnn/24 are behind the firewall. (Obviously, 1.2.3.nnn is a fudged network.) eth0 points outward to

I have two Xen 3.0.2 domains, both are using network-bridge, both servers are in the same network. dom0_A, domU_A - first Xen server (dom0 and domU) dom0_B, domU_B - first Xen server (dom0 and domU) I cannot ping or connect from one dom0_A to dom0_B nor domU_B. arping works fine though. I can ping and connect from domU_A to dom0_B and domU_B, though. I have changed