Displaying 20 results from an estimated 4000 matches similar to: "Using private & public addresses together in the Shorewall's DMZ zone"
2003 Jan 14
1
Two web servers on DMZ zone with private addresses. How to?
That log message looks like someone (or some program) is trying to browse to
moreover.com from your web server machine--it's not a reply to an external
request. You'd see messages like that if you were running some sort of HTTP
proxy server (like Squid) on that box (although they'd likely be to multiple
IPs, unless your users only browsed to p.moreover.com). It could
2003 Jan 10
5
Shorewall site search is now available again
Hmm--either the indexing process is still running, or it's broken again.
It's 0443 GMT, and I can't get the search engine to find anything on the
mailing list or the web site (I used 'dns' as my search term).
It's not that big of an inconvenience, though--Googling for
'site:shorewall.net dns' does pretty much the same thing.
2003 Jan 10
1
Forcing ISP ARP cache to refresh immediately
From http://shorewall.net/ProxyARP.htm (and the Setup Guide):
> A word of warning is in order here. ISPs typically configure their
> routers with a long ARP cache timeout. If you move a system from
> parallel to your firewall to behind your firewall with Proxy ARP, it
> will probably be HOURS before that system can communicate with the
> internet. You can call your ISP and ask
2003 Jan 06
5
SMTP traffic gets blocked
Hi,
I am trying to configure the SMTP service on DMZ host. Added the rule:
ACCEPT wan dmz:66.58.99.84 tcp pop3 -
ACCEPT wan dmz:66.58.99.84 tcp 25 -
ACCEPT dmz:66.58.99.84 wan tcp 25 -
ACCEPT dmz:66.58.99.84 wan tcp pop3 -
issued shorewall clear, shorewall restart, but still couldn't telnet to
the mail server
2003 Jan 09
19
New on the Web Site
While I'm in temporary retirement, I've decided to spend a little time
experimenting with new things and making some updates to the web site. The
biggest result of this effort to date has been:
http://shorewall.sf.net/Shorewall_Squid_Usage.html
This outlines how to use Squid as a transparent proxy running on the
firewall, in the DMZ or in the local network. In the latter two
2003 Jan 13
4
DMZ hosts gateway
Hi everyone,
I have a question regarding the default gateway for hosts on DMZ zone. I moved servers from parallel to the DMZ (outside the firewall, directly connected to I-net) to inside DMZ. The default gw for these servers was the DSL router(bridge) of my ISP.
What should be the default gw (for the hosts inside the DMZ), when hosts are inside the DMZ now - still the DSL router (external
2003 Jan 14
1
Two web servers on DMZ zone with private addresses. How to?
Two quick questions to the group:
Anyone seen this before:
Jan 14 02:55:45 gw1 kernel: Shorewall:all2all:REJECT:IN=eth1 OUT=eth0 SRC=66.58.99.83 DST=170.224.8.51 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=38676 DF PROTO=TCP SPT=1735 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
I mean my web server is trying to reply to some external host 170.224.8.51 (p.moreover.com) for some reason. What could be? It
2003 Apr 15
8
repost (passive FTP server in DMZ and shorewall 1.4.2)
I apologize for the first message. :)
---------------------------------------
I have an FTP server running in the DMZ section of my home network. It uses port 23000 for connection and ports 19990 to 19994 for data transfer.
I have setup the following rule for outside people to connect to it:
DNAT net dmz:192.168.2.2 tcp 23000
I'm at work right now and I can't use
2003 Jan 02
1
mail server in dmz
Hi, in a three interface firewall I have
eth0, loc, 10.1.5.1/16
eth1, int, 200.41.61.228/29
eth2, dmz, 192.168.1.1/24
(un)fortunately I got a group of public ip's to use, so here is my problem
in the dmz I have 192.168.1.3 redirected from eth1 alias 200.41.61.226 (a web server,
works perfect).
I am trying to set up a mail server also, a different machine, so I can't use proxyarp, as
with this,
2003 Jan 21
4
Two different LAN's...
Hi,
I've got a question about how to configure the shorewall, and maybe
someone could answer.
I have a PC with 3 ethernet. The eth0 connects to internet. The eth1
connects to LAN A, and the eth2 connects to LAN B. I've configured
the shorewall for doing NAT, and both LANs can navigate, but it seems
that from a LAN A host you can connect to a PC of LAN B, and the
other way
2003 Oct 22
2
help seeing DMZ from LOC
I have a three interface network (net,loc,dmz).
The internet interface (eth0) has a static IP.
Windows machine in the local network (eth1) use DHCP to get IPs from
the 192.168.10.0/24 netblock.
The Debian machine in the DMZ (eth2) gets a fixed IP through DHCP in
the 192.168.11.0/24 netblock.
The DHCP server is running on the firewall machine (not ideal, I know,
but that's the way
2005 Feb 28
1
Mail server on DMZ
Hello,
I have this problem: when my mail server on the DMZ starts a connection to
the internet its ip (213.58.230.26) is "masqueraded" with the firewall ip
(213.58.230.50). I wouldn't mind but there is one customer who rejects the
connection because it makes reverse dns and finds no dns entry for the
firewall ip.
How can I correct this?
Thanks,
MSantos
shorewall
2005 Jan 18
4
DMZ Recommendations
From reading the documentation, I understand that it is recommended to
put servers that may be at risk in a DMZ served via proxy-arp. In this
case, the local clients that are behind a NAT would have their
connections to the DMZ masqueraded, yes?
Is there any way around this that would still be considered secure?
Just looking for advice.
Thanks,
A.
2004 Nov 01
2
dmz setup
I am trying to add a machine into my dmz. It is the first machine I've
ever added to this dmz and for some reason I cannot establish
communication between the dmz and the machine.
Here is an example of my setup:
ISP router --> firewall (eth0)
firewall (eth1) --> local network
firewall (eth2) --> DMZ
eth0 and eth2 have public IP addresses as does the machine I just added
to
2002 Dec 31
1
Big Brother with Shorewall loc dmz zones?
How would I use Big Brother with Shorewall and my loc and dmz zones to
monitor hosts in both zones?
If Big Brother's server is on my LAN (loc) is it "safe" to forward the bb
port from the dmz to the LAN? What would the security risks of this be?
Common sense says that it may not be a good idea to forward stuff from the
dmz to the LAN, but I'm inexperienced and unsure
2003 Jan 13
0
Using private & public addresses together in the Shorewall's DMZ zone
I have one question:
Can I use routable and non-routable IP addresses together in the DMZ zone?
I read the both three-interfaces setup and the Configuration Guide and each one explains how to do the either way? My problem is that, I have to use the public IP address for my DNS server (cannot change that), and setup additional web servers which will do port-forwarding (DNAT) through the firewall
2010 Aug 09
2
Setting up webmail in DMZ
I have a Smoothwall server on my network and am running three network
interfaces off it.
1) local LAN 192.168.0.0 with PCs and an internal dovecot server on
192.168.0.154.
2) internet interface
3) DMZ 192.168.2.0 which has a linux web server 192.168.2.1 on which I
want to install a webmail so I can access my email remotely.
Originally 192.168.2.1 couldn't see the 192.168.0.0 network but with
2007 Jul 26
2
DMZ and LOG
Hello !!
I've just installed shorewall-common and shorewall-shell
I can't define a network using the CIDR format for my DMZ in /etc/shorewall/hosts
fast eth2:172.17.0.0/16
epac eth2:172.18.0.0/16
fsa eth2:172.19.0.0/16
bu eth2:172.20.0.0/16
recto eth2:172.21.0.0/16
dmz eth1:81.91.225.224/27
I receive this error:
ERROR: Invalid zone definition for
2002 Aug 20
2
Poor Mans DMZ
Tom,
I have used Shorewall now for 4-5 weeks and I'm really impressed by the
power and flexibility of the package.
I'm running Two-Interface Firewall with a MASQ'ed Shorewall (on SUSE
8.0) to protect my LAN (5 WIN XP's and a WIN2K Server acting as PDC).
The Shorewall Linux box has two NIC's (eth0 to Internet and eth1 to my
LAN Switch) and is also
2004 Aug 22
6
LAN to DMZ zone issues.
Hello all,
Name is Andrew and in desperate need of some info.
Setup:
- Mandrake 9.1 with three interfaces
(eth0 --> WAN) C-class /28 network (with three virtual addresses which I
am DNAT-ing to the DMZ)
(eth1 --> LAN) A-class 10.0.0.0/8
(eth2 --> DMZ) A-class subnet 10.1.123.0/24
- Running stock Shorewall ver: shorewall-1.3.14-3.1.91mdk
Dilemma:
- LAN can not access the DMZ zone