similar to: Two web servers on DMZ zone with private addresses. How to?

That log message looks like someone (or some program) is trying to browse to moreover.com from your web server machine--it''s not a reply to an external request. You''d see messages like that if you were running some sort of HTTP proxy server (like Squid) on that box (although they''d likely be to multiple IPs, unless your users only browsed to p.moreover.com). It could

Hi everyone, I have a question regarding the default gateway for hosts on DMZ zone. I moved servers from parallel to the DMZ (outside the firewall, directly connected to I-net) to inside DMZ. The default gw for these servers was the DSL router(bridge) of my ISP. What should be the default gw (for the hosts inside the DMZ), when hosts are inside the DMZ now - still the DSL router (external

Group, I am reading about tc (traffic control) and willing to get my feet wet. As requirement, there should be HTB compiled in the kernel. I grabbed a Mandrake 8.2 distro, and didn''t installed the kernel source. Anyone knows if the HTB is compiled in Mandrake 8.2, or point a way to find that out? I tried to read the /usr/src/kernel.xxxxx/.config file, but it doesn''t exists.

While I''m in temporary retirement, I''ve decided spend a little time experimenting with new things and making some updates to the web site. The biggest result of this effort to date has been: http://shorewall.sf.net/Shorewall_Squid_Usage.html This outlines how to use Squid as a transparent proxy running on the firewall, in the DMZ or in the local network. In the latter two

To rephrase the question, "Can I use masquerading and proxy ARP in the same zone simultaneously?" It''s not a stupid question--I couldn''t see any reason why it wouldn''t work, but I had actually try it out to convince myself that it did (which isn''t a bad thing to do before posting the question to the list, by the way). In any case, the answer is

I have one question: Can I use routable and non-routable IP addreses together in the DMZ zone? I read the both three-interfaces setup and the Configuration Guide and each one explains how to do the either way? My problem is that, I have to use the public IP address for my DNS server (cannot change that), and setup additional web servers which will do port-forwarding (DNAT) through the firewall

Hi, I am trying to configure the SMTP service on DMZ host. Added the rule: ACCEPT wan dmz:66.58.99.84 tcp pop3 - ACCEPT wan dmz:66.58.99.84 tcp 25 - ACCEPT dmz:66.58.99.84 wan tcp 25 - ACCEPT dmz:66.58.99.84 wan tcp pop3 - issued shorewall clear, shorewall restart, but still couldn''t telnet to the mail server

Can someone help me with this problem: My host on the DMZ is inaccessible from the WAN on port 25. I tried to telnet but getting: $ telnet 66.58.99.84 25 Trying 66.58.99.84... telnet: Unable to connect to remote host: No route to host My shorewall/proxyarp is: #address interface external haveroute 66.58.99.82 eth1 eth0 No 66.58.99.84 eth1

When installing Mandrake 9.0 with the higher security option you cannot ping any of it interfaces, localhost (127.0.0.1) included. All other connections to the system are fine, e.g. ssh, www, squid, etc. "shorewall clear" doesn''t help. Does anyone know how to turn this off for at least localhost and eth1?? Yours truly, Ben

>From http://shorewall.net/ProxyARP.htm (and the Setup Guide): > A word of warning is in order here. ISPs typically configure their > routers with a long ARP cache timeout. If you move a system from > parallel to your firewall to behind your firewall with Proxy ARP, it > will probably be HOURS before that system can communicate with the > internet. You can call your ISP and ask

I am quite new to Linux and have moved (almost) from a windoze NT4 environment. My present configuration is running SuSE V 8.0 with KDE3.0.5 desktop on two machines, connecting with Samba to an NT4 PC, and an occasional laptop or other PC that connects locally to the network. After a deal of searching, researching, and seeking advice I have decided to use Shorewall as my firewall.

Hi! Is there any way to do just plain vanilla TBF (Token Buck Filter) type shaping on a group of ips/networks, not an entire interface. Currently the only way I know how to shape in Linux is to use HTB or CBQ, but both of these need a total rate and then you need to subdivide that into classes. That is not what I want. All I want is Cisco generic traffic shaping style shaping (or similar to how

Anyone, willing to take a lead on this one, since Tom is taking a rest: " I am hosting all servers by myself. I have five static IP addreses with a DSL line. My DSL router from the ISP provider is configured as bridge, so no traffic is filtered. I checked the logs and getting: Jan 5 23:05:12 gw1 kernel: Shorewall:all2all:REJECT:IN= OUT=eth0 SRC=66.58.99.86 DST=216.35.73.164 LEN=68

Hi! A couple of weeks ago we started using the Linux TC implementation to shape clients (using HTB) and since then our QoS box started crashing every now and again (talk about inconvenient timing :P). First we suspected hardware, but we replaced the hardware this week and it still keeps crashing. Current machine specs: Celeron 400 MHz 128MB Ram 128MB Compact Flash storage Distribution: stripped

Hello all, Name is Andrew and in desperate need of some info. Setup: - Mandrake 9.1 with three interfaces (eth0 --> WAN) C-class /28 network (with tree virtual addresses which I am DNAT-ing to the DMZ) (eth1 --> LAN) A-class 10.0.0.0/8 (eth2 --> DMZ) A-class subnet 10.1.123.0/24 - Running stock Shorewall ver: shorewall-1.3.14-3.1.91mdk Dilemma: - LAN can not access the DMZ zone

Hi, i wonder if there is any need to install shorewall on a machine located in the dmz zone of shorewaal. ( 3 interfaces example) mess-mate -- You are a fluke of the universe; you have no right to be here. ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE

Hi! How does prioritization work when you''ve got a tree structure, e.g. | +-- class_a rate 64kbit prio 1 | | | +-- class_a1 rate 32kbit prio 1 | | | `-- class_a2 rate 32kbit prio 2 | `-- class_b rate 64kbit prio 2 Above could either be interpreted as (a) a, a1 have prio 1 b, a2 have prio 2 (iow, no distinction is being made between the inner/nested

What shorewall rules would be required to allow the OSPF routing protocol to pass fw<->loc? Any suggestions would be appreciated. Ben

Hi all, I would like to calculate the area under the ROC curve for my predictive model. I have managed to plot points giving me the ROC curve. However, I do not know how to get the value of the area under. Does anybody know of a function that would give the result I want using an array of specificity and an array of sensitivity as input? Thanks, Olivier -- View this message in context:

Hola, I have a question in regards to ignoring traffic shaping for LAN side that connects to a DMZ IMAP server through the WAN interface. The DMZ and the WAN side are both on a 10/100 switch. Is it possible? Thanks. ~Andrew. OS MDK 9.1 kernel-smp-2.4.21.0.33mdk-1-1mdk HTB; iproute2-2.4.7-7mdk; shorewall-1.4.8-2.2.92mdk