similar to: Using private & public addresses together in the Shorewall''s DMZ zone

To rephrase the question, "Can I use masquerading and proxy ARP in the same zone simultaneously?" It''s not a stupid question--I couldn''t see any reason why it wouldn''t work, but I had actually try it out to convince myself that it did (which isn''t a bad thing to do before posting the question to the list, by the way). In any case, the answer is

Two quick questions to the group: Anyone seen this before: Jan 14 02:55:45 gw1 kernel: Shorewall:all2all:REJECT:IN=eth1 OUT=eth0 SRC=66.58.99.83 DST=170.224.8.51 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=38676 DF PROTO=TCP SPT=1735 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 I mean my web server is trying to replay to some external host 170.224.8.51 (p.moreover.com) for some reason. What could be? It

That log message looks like someone (or some program) is trying to browse to moreover.com from your web server machine--it''s not a reply to an external request. You''d see messages like that if you were running some sort of HTTP proxy server (like Squid) on that box (although they''d likely be to multiple IPs, unless your users only browsed to p.moreover.com). It could

Hi everyone, I have a question regarding the default gateway for hosts on DMZ zone. I moved servers from parallel to the DMZ (outside the firewall, directly connected to I-net) to inside DMZ. The default gw for these servers was the DSL router(bridge) of my ISP. What should be the default gw (for the hosts inside the DMZ), when hosts are inside the DMZ now - still the DSL router (external

Group, I am reading about tc (traffic control) and willing to get my feet wet. As requirement, there should be HTB compiled in the kernel. I grabbed a Mandrake 8.2 distro, and didn''t installed the kernel source. Anyone knows if the HTB is compiled in Mandrake 8.2, or point a way to find that out? I tried to read the /usr/src/kernel.xxxxx/.config file, but it doesn''t exists.

While I''m in temporary retirement, I''ve decided spend a little time experimenting with new things and making some updates to the web site. The biggest result of this effort to date has been: http://shorewall.sf.net/Shorewall_Squid_Usage.html This outlines how to use Squid as a transparent proxy running on the firewall, in the DMZ or in the local network. In the latter two

Anyone, willing to take a lead on this one, since Tom is taking a rest: " I am hosting all servers by myself. I have five static IP addreses with a DSL line. My DSL router from the ISP provider is configured as bridge, so no traffic is filtered. I checked the logs and getting: Jan 5 23:05:12 gw1 kernel: Shorewall:all2all:REJECT:IN= OUT=eth0 SRC=66.58.99.86 DST=216.35.73.164 LEN=68

Hi, I am trying to configure the SMTP service on DMZ host. Added the rule: ACCEPT wan dmz:66.58.99.84 tcp pop3 - ACCEPT wan dmz:66.58.99.84 tcp 25 - ACCEPT dmz:66.58.99.84 wan tcp 25 - ACCEPT dmz:66.58.99.84 wan tcp pop3 - issued shorewall clear, shorewall restart, but still couldn''t telnet to the mail server

I've split this thread off from another (PJSIP authentication) because I think the root cause is something different. I think the problem is the following FROM line in my SIP INVITE transaction: From: "MYNAME" <sip:16667778888 at 172.31.253.4>;tag=773a3e6a-a677-4fb1-95fc-54b379b650a4 The IP address above is an internal/non-routable IP, so Twilio is rejecting it. For some

type=endpoint rewrite_contact=yes force_rport=yes rtp_symmetric=yes On 6/21/23 14:36, TTT wrote: > I've split this thread off from another (PJSIP authentication) because I think the root cause is something different. I think the problem is the following FROM line in my SIP INVITE transaction: > > From: "MYNAME" <sip:16667778888 at

You need to put your external IP in the transport configuration: external_media_address=X.X.X.X external_signaling_address=X.X.X.X external_signaling_port=5060 On 21/06/23 12:36, TTT wrote: > I've split this thread off from another (PJSIP authentication) because I think the root cause is something different. I think the problem is the following FROM line in my SIP INVITE transaction:

I tried that (only needed to add rewrite_contact=yes) but it didn't help. BTW, the CONTACT: line holds the correct ip! Only the FROM: line holds the wrong (private) IP. I'm still learning SIP...but I assume the FROM should also hold the rewritten public IP. Just don't know how to force Asterisk to do that. -----Original Message----- From: Eric Wieling [mailto:ewieling at

Something perhaps noteworth, since this is a multihomed system I bound the transport to 172.31.253.4:5060 I don't *think* that would cause Asterisk to use that IP in the FROM...at least it shouldn't. -----Original Message----- From: asterisk-users [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of TTT Sent: Wednesday, June 21, 2023 2:58 PM To: 'Asterisk Users Mailing

Hi List; Can asterisk hear (receive) calls on two IP addresses? How? If yes, then: If I have a VPN router, and my Asterisk server connected to two network cards, one has a private IP address (192.168.0.2) connected to the VPN router (192.168.0.1) and another network card has a private IP address (193.111.196.249) connected directly to the outside default gateway (193.111.196.240), where the VPN

When installing Mandrake 9.0 with the higher security option you cannot ping any of it interfaces, localhost (127.0.0.1) included. All other connections to the system are fine, e.g. ssh, www, squid, etc. "shorewall clear" doesn''t help. Does anyone know how to turn this off for at least localhost and eth1?? Yours truly, Ben

Hi, First, never compare a linux box with a cheap and dumb broadband router. I''m not sure if i understand very well your scenario but I asume is like this: 192.168.0.1--------- -----------| ipsec | | --------- 128.X.X.X --------- 192.168.0.254 | ISP ----------| linux |------------------| --------- | ---------

Can someone help me with this problem: My host on the DMZ is inaccessible from the WAN on port 25. I tried to telnet but getting: $ telnet 66.58.99.84 25 Trying 66.58.99.84... telnet: Unable to connect to remote host: No route to host My shorewall/proxyarp is: #address interface external haveroute 66.58.99.82 eth1 eth0 No 66.58.99.84 eth1

I am quite new to Linux and have moved (almost) from a windoze NT4 environment. My present configuration is running SuSE V 8.0 with KDE3.0.5 desktop on two machines, connecting with Samba to an NT4 PC, and an occasional laptop or other PC that connects locally to the network. After a deal of searching, researching, and seeking advice I have decided to use Shorewall as my firewall.

Voor de duidelijkheid... ---------- Forwarded message ---------- Date: Sun, 11 Jun 2000 16:14:37 -0500 From: gbarnett <gbarnett@satx.rr.com> To: guus@sliepen.warande.net Subject: TINC 1.0pre2: unable to access one private network Guus... I couldn't seem to get this to the mail list... could you post it and/or answer it for me? Thx. I have been having problems configuring TINC

Hi, I have a question. I have a routeable /24 netblock including a server at a colocation and I would like to use tincd to tunnel part of that netblock to an internal network on another location being connected to the internet via gateway with DSL link and a single static IP address, so I can use public routable IP addresses on the local network. I have tincd 1.0 pre7 installed on both the local