Displaying 20 results from an estimated 700 matches similar to: "Two web servers on DMZ zone with private addresses. How to?"
2003 Jan 14
1
Two web servers on DMZ zone with private addresses. How to?
That log message looks like someone (or some program) is trying to browse to
moreover.com from your web server machine--it's not a reply to an external
request. You'd see messages like that if you were running some sort of HTTP
proxy server (like Squid) on that box (although they'd likely be to multiple
IPs, unless your users only browsed to p.moreover.com). It could
2003 Jan 13
4
DMZ hosts gateway
Hi everyone,
I have a question regarding the default gateway for hosts on DMZ zone. I moved servers from parallel to the DMZ (outside the firewall, directly connected to I-net) to inside DMZ. The default gw for these servers was the DSL router(bridge) of my ISP.
What should be the default gw (for the hosts inside the DMZ), when hosts are inside the DMZ now - still the DSL router (external
2003 Jan 15
5
HTB. QoS and Shorewall
Group,
I am reading about tc (traffic control) and willing to get my feet wet. As requirement, there should be HTB compiled in the kernel. I grabbed a Mandrake 8.2 distro, and didn't install the kernel source.
Anyone knows if the HTB is compiled in Mandrake 8.2, or point a way to find that out? I tried to read the /usr/src/kernel.xxxxx/.config file, but it doesn't exist.
2003 Jan 09
19
New on the Web Site
While I'm in temporary retirement, I've decided to spend a little time
experimenting with new things and making some updates to the web site. The
biggest result of this effort to date has been:
http://shorewall.sf.net/Shorewall_Squid_Usage.html
This outlines how to use Squid as a transparent proxy running on the
firewall, in the DMZ or in the local network. In the latter two
2003 Jan 13
5
Using private & public addresses together in the Shorewall's DMZ zone
To rephrase the question, "Can I use masquerading and proxy ARP in the same
zone simultaneously?" It's not a stupid question--I couldn't see any reason
why it wouldn't work, but I had to actually try it out to convince myself that
it did (which isn't a bad thing to do before posting the question to the
list, by the way). In any case, the answer is
2003 Jan 13
0
Using private & public addresses together in the Shorewall's DMZ zone
I have one question:
Can I use routable and non-routable IP addresses together in the DMZ zone?
I read both the three-interfaces setup and the Configuration Guide, and each one explains how to do it either way. My problem is that I have to use the public IP address for my DNS server (cannot change that), and set up additional web servers which will do port-forwarding (DNAT) through the firewall
2003 Jan 06
5
SMTP traffic gets blocked
Hi,
I am trying to configure the SMTP service on DMZ host. Added the rule:
ACCEPT wan dmz:66.58.99.84 tcp pop3 -
ACCEPT wan dmz:66.58.99.84 tcp 25 -
ACCEPT dmz:66.58.99.84 wan tcp 25 -
ACCEPT dmz:66.58.99.84 wan tcp pop3 -
issued shorewall clear, shorewall restart, but still couldn't telnet to
the mail server
2003 Jan 06
1
SMTP problem
Can someone help me with this problem:
My host on the DMZ is inaccessible from the WAN on port 25. I tried to
telnet but getting:
$ telnet 66.58.99.84 25
Trying 66.58.99.84...
telnet: Unable to connect to remote host: No route to host
My shorewall/proxyarp is:
#address interface external haveroute
66.58.99.82 eth1 eth0 No
66.58.99.84 eth1
2003 Jan 15
3
Mandrake 9.0 won't ping ...
When installing Mandrake 9.0 with the higher security option you cannot
ping any of its interfaces, localhost (127.0.0.1) included.
All other connections to the system are fine, e.g. ssh, www, squid, etc.
"shorewall clear" doesn't help.
Does anyone know how to turn this off for at least localhost and eth1??
Yours truly,
Ben
2003 Jan 10
1
Forcing ISP ARP cache to refresh immediately
From http://shorewall.net/ProxyARP.htm (and the Setup Guide):
> A word of warning is in order here. ISPs typically configure their
> routers with a long ARP cache timeout. If you move a system from
> parallel to your firewall to behind your firewall with Proxy ARP, it
> will probably be HOURS before that system can communicate with the
> internet. You can call your ISP and ask
2003 Jan 14
6
Hardware advice please?
I am quite new to Linux and have moved (almost) from a windoze
NT4 environment.
My present configuration is running SuSE V 8.0 with KDE3.0.5
desktop on two machines, connecting with Samba to an NT4 PC,
and an occasional laptop or other PC that connects locally to the
network.
After a deal of searching, researching, and seeking advice I have
decided to use Shorewall as my firewall.
2004 May 31
2
shaping
Hi!
Is there any way to do just plain vanilla TBF (Token Bucket Filter) type
shaping on a group of IPs/networks, not an entire interface?
Currently the only way I know how to shape in Linux is to use HTB or CBQ,
but both of these need a total rate and then you need to subdivide that
into classes. That is not what I want. All I want is Cisco generic traffic
shaping style shaping (or similar to how
2003 Jan 06
0
FW: SMTP traffic gets blocked
Anyone, willing to take a lead on this one, since Tom is taking a rest:
"
I am hosting all servers by myself. I have five static IP addresses with a
DSL line. My DSL router from the ISP provider is configured as bridge, so no
traffic is filtered.
I checked the logs and getting:
Jan 5 23:05:12 gw1 kernel: Shorewall:all2all:REJECT:IN= OUT=eth0
SRC=66.58.99.86 DST=216.35.73.164 LEN=68
2002 Dec 13
0
HTB bug?
Hi!
A couple of weeks ago we started using the Linux TC implementation to shape
clients (using HTB) and since then our QoS box started crashing every now
and again (talk about inconvenient timing :P).
First we suspected hardware, but we replaced the hardware this week and it
still keeps crashing. Current machine specs:
Celeron 400 MHz
128MB Ram
128MB Compact Flash storage
Distribution: stripped
2004 Aug 22
6
LAN to DMZ zone issues.
Hello all,
Name is Andrew and in desperate need of some info.
Setup:
- Mandrake 9.1 with three interfaces
(eth0 --> WAN) C-class /28 network (with three virtual addresses which I
am DNAT-ing to the DMZ)
(eth1 --> LAN) A-class 10.0.0.0/8
(eth2 --> DMZ) A-class subnet 10.1.123.0/24
- Running stock Shorewall ver: shorewall-1.3.14-3.1.91mdk
Dilemma:
- LAN can not access the DMZ zone
2007 May 25
4
machine in the dmz zone
Hi,
I wonder if there is any need to install Shorewall on a machine
located in the DMZ zone of Shorewall (3 interfaces example).
mess-mate
--
You are a fluke of the universe; you have no right to be here.
2004 Jun 18
6
priorities + htb
Hi!
How does prioritization work when you've got a tree structure, e.g.
|
+-- class_a rate 64kbit prio 1
| |
| +-- class_a1 rate 32kbit prio 1
| |
| `-- class_a2 rate 32kbit prio 2
|
`-- class_b rate 64kbit prio 2
Above could either be interpreted as
(a) a, a1 have prio 1
b, a2 have prio 2
(iow, no distinction is being made between the inner/nested
2004 Aug 18
3
Allowing OSPF
What shorewall rules would be required to allow the OSPF routing protocol to
pass fw<->loc?
Any suggestions would be appreciated.
Ben
2009 Oct 22
5
How to calculate the area under the curve
Hi all,
I would like to calculate the area under the ROC curve for my predictive
model. I have managed to plot points giving me the ROC curve. However, I do
not know how to get the value of the area under.
Does anybody know of a function that would give the result I want using an
array of specificity and an array of sensitivity as input?
Thanks,
Olivier
2005 Apr 04
1
DMZ and WAN
Hola,
I have a question in regards to ignoring traffic shaping for LAN side
that connects to a DMZ IMAP server through the WAN interface.
The DMZ and the WAN side are both on a 10/100 switch.
Is it possible?
Thanks.
~Andrew.
OS MDK 9.1 kernel-smp-2.4.21.0.33mdk-1-1mdk HTB; iproute2-2.4.7-7mdk;
shorewall-1.4.8-2.2.92mdk