similar to: VPN bridge to LAN, through Firewall

Hi, I''ve just set up a basic ppp firewall/router for my office where initially i want to let everything from LAN to Internet and firewall, everything from firewall to internet, but nothing in from the internet It all seems to work fine accessing the internet. However, i am unable to ssh to my firewall machine, "connection refused" I can ssh from my firewall to the LAN, I can

pc1(LANa) ----poor connection ----> VPS <--------- PC2(LANb) pc1 and pc2 used to connected directly with tinc, since pc1 used to have WAN IP(pppoe), but the pppoe IP is not WAN IP anymore (ISP changed to let all ADSL user in a LAN). if I let the two pc connect to a VPS with tinc, can later connections between pc1 and pc2 be directly ? for example, ssh from pc1 to pc2 but not proxyed by

Hello all, Name is Andrew and in desperate need of some info. Setup: - Mandrake 9.1 with three interfaces (eth0 --> WAN) C-class /28 network (with tree virtual addresses which I am DNAT-ing to the DMZ) (eth1 --> LAN) A-class 10.0.0.0/8 (eth2 --> DMZ) A-class subnet 10.1.123.0/24 - Running stock Shorewall ver: shorewall-1.3.14-3.1.91mdk Dilemma: - LAN can not access the DMZ zone

I hope this isn't too long, and I hope it's the correct list. I have a network configuration where I have 2 hosts, A and B. Each has a local LAN on which the run Samba, plus they're connected by a VPN. So has A has addresses lanA and wanA, and host B has addresses lanB and wanB. Because of the way the VPN works, they can talk to each other either via their LAN addresses (lanA

I just got the list confirmation and noticed it''s text only email so here it is again in plain text. Below is the oringal message. Hi all, I am really struggling with this one, I have built a lot of linux machines using IPSEC tunnels and shorewall gateways. I decied to build a new test machine with Debian running 2.4.25 and Shorewall 2.0.15. I have two subnets on their own switches and

Hi, I have the following newbie question, it is possible have two (or more) domains in the same IP subnetwork (e.g. 192.168.10.0/24)? I understand that is not possible have two PDC for the same domain in the same subnetwork, but I'm not sure what happens if we have two domains. Thanks for your help. Regards, -- Mauricio Strello C.

Hello I''m new to the list. I installed a vserver (http://www.linux-vserver.org/) on my gentoo server As network interface is used an alias (eth1:0) eth1 is the card of my "loc" zone. eth1:0 has an address from the same subnet from the vserver I can connect to eth0 but not to the internet. From my local net everything works fine. I have an entry in "mask" for eth1

Hi thanks Roger, I've amended my hosts.allow file to your suggested one - thanks for that. I'm still getting "Connection refused on the client cgi screen as well as in the shell it gives me UPS upsname at ipaddresshere is unavailable... Any ideas what I can try next to debug why it's not working. Also should the "allowfrom = clientIPaddresshere" line be in my monuser

Beta 1 is now available at: http://shorewall.net/pub/shorewall/testing ftp://shorewall.net/pub/shorewall/testing This is a minor release of Shorewall. Problems Corrected: 1) A problem seen on RH7.3 systems where Shorewall encountered start errors when started using the "service" mechanism has been worked around. 2) Where a list of IP addresses appears in the DEST column of a

Hi folks, Has anyone out there done port forwarding or DNAT for UDP packets that are normally sent to the broadcast address (255.255.255.255)? I have to support a nasty database application called FileMaker Pro (those of you who know it are probably groaning about now), which uses broadcasts to locate the database server. Theoretically, i can get around this requirement by using LDAP lookups

Good day, I have tried to forward port 8888 on the firewall to port 80 on an internal IP of 10.40.0.202. Please advise which rule to add to the rules file to achieve this. I have tried to add DNAT net loc:10.40.0.202:80 tcp 8888 But still no luck TIA for you assistance Quentin

Thanks for such a quick reply Tom! Any suggestions then as to what I might do other than putting a second nic in the SBS and opening it up for web access? I don''t like the idea, but since MS SBS includes fireall that is actually what MS suggests. Boyd -----Original Message----- From: Tom Eastep [mailto:teastep@shorewall.net] Sent: January 3, 2005 3:05 PM To: Shorewall Users Cc: Boyd

Hello all, a private ip 192.168.x.x win32 box will not connect with psftp (win32 sftp client) to an external public ip ssh/sftp server. but i can connect with console sftp client on my shorewall/unix box to that sftp/ssh server without any problems. i can also use putty (win32 ssh client) from the internal box. now i thought, sftp is also using the ssh port, and netstat on my firewall tells me

Hi can anyone please help. Although I have two servers in the same cabinet/room and sharing the same UPS - they're on different networks. I've tried everything I can find online, but whatever I do I can't get the slave nut client to connect to the master. When testing then on the same LAN, they DO work - but how do I allow the IP of the slave to connect to the master when both on

Hi, after migrating to shorewall firewall from my own iptables rule set (to utilise freeswan vpn tunnels) I have successfully configured a 3 interface firewall with net2net vpn tunnels, with the help of the shorewall documentation. However I cannot seem to configure my final step which is to masq another subnet attached to my LAN (LANB, via Cisco 1603 router) to get internet access via the

Attached is file "QSG-issues-1.0.txt" containing a numbered and commented list of issues collected from contributors and recent lists activity. It might be cool to have these issues in some spiffy issue tracking system like RT or something, but for a low tech start it''ll probably suffice. COMMENTS - IMHO (no particular order): I have searched the archives for additional

Question: If syslinux.efi is loaded locally off USB rather than via an EFI PXE option ROM boot, but on a client whose EFI firmware has TCP support, should that locally-booted syslinux.efi be able to process HTTP URLs? Initial experiments indicate "no", but why not? Purpose: My TCP-capable EFI client is on a subnetwork with broken DHCP not under my control, so I can't

Hi, I am running OpenVPN where i have one central hub VPN server, and multiple spoke VPN clients. I can ping from each client to the server and each client to computers on the subnet which the server resides (192.168.2.0/24) so it works ok there. I cannot however, ping from one client to another client. I guess the packet path would go: clienta -> vpn -> shorewall/router -> vpn ->

Tom Eastep wrote: > On Mon, 2005-01-03 at 15:22 -0800, Boyd Kelly (Coast Systems) wrote: > > Thanks for such a quick reply Tom! > > > > Any suggestions then as to what I might do other than > putting a second > > nic in the SBS and opening it up for web access? I don''t > like the idea, > > but since MS SBS includes fireall that is actually what