similar to: Network Redesign

Hi, Below is my Linux firewall network configuration: - eth0 - isp 1, IP: 1.1.1.10, Netmask: 255.255.255.252 eth1 - isp 2, IP: 2.2.2.10, Netmask: 255.255.255.252 eth2 - lan, IP: 172.16.0.254, Netmask: 255.255.255.0 eth3 - dmz, 192.168.0.254, Netmask: 255.255.255.0 isp 1 gateway: 1.1.1.9 isp 2 gateway: 2.2.2.9 Below is my iptables rules: - echo 1 > /proc/sys/net/ipv4/ip_forward iptables

Hello everybody. I could not find an answer to my problem in the archive. (But that may just be me :-) ) I have a problem with proxy arp and connection from loc (localnet) and from the firewall. Works fine from internet to dmz / proxy arp and vise versa. I have a feeling the solution is simple, but I''m no guru in Linux routing etc. The problem seems to be the routing setup. loc -

Greetings all, I''m a bit of a linux rookie, but a friend and I have built a firewall running Shorewall 1.4.6c over a minimal install of Redhat 9. Out network setup looks something like this: Cable Modem : eth0 :12.xxx.xxx.3 (Zone is named INSIGHT) Campus Lan : eth1 : 10.176.9.21 (Zone is named MULAN) DMZ : eth2 : 192.168.1.0 255.255.255.0 (Zone is named DMZ) Currently, I

Hi Alex, and thanks for your time. Probably not. The servers are only configured like they where when they where parallel to the fw. Just the default gateway, same as for the external interface on the fw. That''s what the documentation instructed to configure the servers using arp. But is it required with extra configuration on the server connected via proxy arp? Or is it some parameter

Hi all, In threads posted by I believe Jonathan Tripley I promised to post my new XEN HA setup. Hope it can be of some use to some people. In this particular case I''m forced to use SLES 10SP3 with XEN 3.2, which excludes the possibility of using things like cLVM (which I don''t think I need anyway). So: Storage: I use two HP ML370 G5 machines with DRBD and heartbeat on

Hello newsgroup, I hope somebody with more routing experience then me can help me with the problem I have. The setup is as described below. A dual internet provider routing, multiple local area networks, and a dmz network with one public and one private ip range. I followed the instructions at lartc.org, and so far everything is working. The default route is via

Hello all, Name is Andrew and in desperate need of some info. Setup: - Mandrake 9.1 with three interfaces (eth0 --> WAN) C-class /28 network (with tree virtual addresses which I am DNAT-ing to the DMZ) (eth1 --> LAN) A-class 10.0.0.0/8 (eth2 --> DMZ) A-class subnet 10.1.123.0/24 - Running stock Shorewall ver: shorewall-1.3.14-3.1.91mdk Dilemma: - LAN can not access the DMZ zone

In an effert move my Dmz from a snapqear roouter to Linux with shorewall. Question is I have network 64.42.53.200/29 which makes default gw 64.42.53.201 network 64.42.53.200 broadcast 64.42.53.207 mask 255.255.255.248 and I want to set up shorewall with eth0 64.42.53.202 eth1 local eth2 dmz where dmz will use say 64.42.53.203 for web and email server. Where I do not need or should I say use

I have the problem when my localnetwork do telnet to the net Shorewall:FORWARD:REJECT:IN=eth0 OUT=eth2 my files are the following: policy #SOURCE DEST POLICY LOG LEVEL LIMIT:BURST loc net CONTINUE info loc fw ACCEPT info loc loc ACCEPT loc dmz ACCEPT info fw

Hello !! I ve just install shorewall-common and shorewall-shell I can''t defined a network using the CIDR format for my DMZ in /etc/shorewall/hosts fast eth2:172.17.0.0/16 epac eth2:172.18.0.0/16 fsa eth2:172.19.0.0/16 bu eth2:172.20.0.0/16 recto eth2:172.21.0.0/16 dmz eth1:81.91.225.224/27 I receive this error: ERROR: Invalid zone definition for

I have been trying to get DNAT to work and I actually have succeeded too, however, not how I thought it would work when reading through the documentation. 1. No matter what I do I cannot get DNAT to work unless I have an entry in eiter the nat or the proxyarp file. Is that really how it''s supposed to be? I can''t find anything about it in the documentation. 2. Also, in the

hi list, i got a small problem. here is my setup: WAN | | | bridged $FW-------DMZ | | masqueraded | LOCAL my shorewall machine ($FW) got three interfaces: eth0 eth1 eth2 * eth0 is connected to the WAN * eth1 is connected to my DMZ * eth2 is connected to LOCAL network i manage a whole C class (public adresses) in my DMZ, let''s say X.Y.Z.0/24 * my router

I have a 3 nic setup with shorewall 1.4.8-1 running on redhat 9. My eth2 (dmz zone)has 7 secondary address attached to it. I can ping a machine in each subnet, dmz to net rules seem to be working fine on all machines.. I have my policy set as dmz to dmz accept. If I try to ping between subnets I get Nov 21 12:18:45 kbeewall kernel: Shorewall:FORWARD:REJECT:IN=eth2 OUT=eth2 SRC=172.17.0.2

Hello, I've been trying to implement a bridge in place for a clustered firewall at one of our office locations. Currently we NAT two class C's internally. We decided, for performance reasons, that it would make sense to put our servers into an official DMZ. So we started this bridging project. Our goal is to have two redundant firewalls in place. There is no need for active/active.

Hello Tom, I am not sure if you can help with this but I am at my wits end. If you hit this site and do a force refresh (ctrl + F5) the site will time out and lose connections. Do the same on port 443 and it does not time out??? The web site I am reffering to is www.tituswill.com I think the only problem is port 80. Do you have any idea how to diagnose this I have sent a dump of just

Hi all, This proposes a redesign of LLD’s symbol table in order to improve memory locality by minimizing indirection when resolving relocations. The key idea is that we perform symbol resolution by overwriting SymbolBodies, rather than by updating pointers. This is based on some ideas mentioned by Rafael on IRC. Conceptually, we split Symbol into a non-polymorphic part and a polymorphic part (a

What changes would I need to make if there is a 4th interface that is going to a DMZ Thanks Gene

Hello all, I''ve read the shorewall guides and browsed through the mailing lists, but I haven''t been able to find out if the following is possible or not using shorewall. Our provider has given us 16 IPs + 4 in a separate range for our uplink. I would like to replace that router with a Linux box running shorewall with three interfaces. I want the DMZ to be a standard, routed

I am trying to add a machine into my dmz. It is the first machine I''ve ever added to this dmz and fro some reason I cannot establish communication between the dmz and the machine. Here is an example of my setup: ISP router --> firewall (eth0) firewall (eth1) --> local network firewall (eth2) --> DMZ eth0 and eth2 have public IP addresses as does the machine I just added to

I have a three interface network (net,loc,dmz). The internet interface (eth0) has a static IP. Windows machine in the local network (eth1) use DHCP to get IPs from the 192.168.10.0/24 netblock. The Debian machine in the DMZ (eth2) gets a fixed IP through DHCP in the 192.168.11.0/24 netblock. The DHCP server is running on the firewall machine (not ideal, I know, but that''s the way