Re: ipfw - accessing DMZ from LAN , pipes

2011-11-30 Thread Emil Muratov
On 29.11.2011 02:36, Marek Salwerowicz wrote: Hello after a longer break ;) On 2011-10-01 22:02, Freddie Cash wrote: However, you could setup split-DNS or views and just configure everything to connect using hostnames. It's extra work to setup, but does make things easier

Re: ipfw - accessing DMZ from LAN , pipes

2011-11-28 Thread Marek Salwerowicz
Hello after a longer break ;) On 2011-10-01 22:02, Freddie Cash wrote: However, you could setup split-DNS or views and just configure everything to connect using hostnames. It's extra work to setup, but does make things easier down-the-road. I've set up the DNS with views and since one

Re: ipfw - accessing DMZ from LAN , pipes

2011-11-28 Thread Freddie Cash
Apologies if the formatting below gets messed up, writing this on my phone. On Nov 28, 2011 2:36 PM, Marek Salwerowicz marek_...@wp.pl wrote: I am confused about one thing - I wanted to set up pipes for my DMZ hosts (not to allow my hosts to consume all the bandwidth). When I set up the pipes

Re: ipfw - accessing DMZ from LAN , pipes

2011-11-28 Thread Marek Salwerowicz
On 2011-11-28 23:49, Freddie Cash wrote: This is something I've never really received a satisfactory answer to. I believe you have to put your pipe/queue rules in place of your final allow rules. IOW, the pipe/queue rules are the final rule that a packet touches in the ruleset. For example,

Re: ipfw - accessing DMZ from LAN

2011-10-01 Thread Marek Salwerowicz
On 2011-09-30 17:44, Freddie Cash wrote: that's the correct behaviour, as the public IPs are physically assigned to the interfaces on the router. Thus, connecting to the public IPs from the router ... will connect to the router. You need to ping the private IPs from the router, since the

Re: ipfw - accessing DMZ from LAN

2011-10-01 Thread Freddie Cash
On Oct 1, 2011 12:16 PM, Marek Salwerowicz marek_...@wp.pl wrote: On 2011-09-30 17:44, Freddie Cash wrote: that's the correct behaviour, as the public IPs are physically assigned to the interfaces on the router. Thus, connecting to the public IPs from the router ... will connect to the

Re: ipfw - accessing DMZ from LAN

2011-09-30 Thread Marek Salwerowicz
On 2011-09-29 23:07, Marek Salwerowicz wrote: So eg. the rules specifying traffic between DMZ Host and LAN could be the first, and then rules for generic DMZ host traffic (allowing DMZ access to the Internet)? So far I made like this (first DMZ-LAN, then DMZ), but I have some problem:

Re: ipfw - accessing DMZ from LAN

2011-09-30 Thread Freddie Cash
On Fri, Sep 30, 2011 at 7:57 AM, Marek Salwerowicz marek_...@wp.pl wrote: On 2011-09-29 23:07, Marek Salwerowicz wrote: So eg. the rules specifying traffic between DMZ Host and LAN could be the first, and then rules for generic DMZ host traffic (allowing DMZ access to the Internet)? So

Re: ipfw - accessing DMZ from LAN

2011-09-29 Thread Freddie Cash
On Thu, Sep 29, 2011 at 11:09 AM, Marek Salwerowicz marek_...@wp.pl wrote: On 2011-09-26 21:20, Freddie Cash wrote: Your rules are too generic, they will not work for a double-NAT setup. Each and every single rule must specify the network interface. And it must specify whether it's

Re: ipfw - accessing DMZ from LAN

2011-09-29 Thread Marek Salwerowicz
On 2011-09-29 21:57, Freddie Cash wrote: In generic terms, the packet flow is like this: packet comes in on the lan interface src: lan private subnet dest: server public ip packet gets NAT'd, then re-injected into the rules src: lan private subnet dest: server private ip

Re: ipfw - accessing DMZ from LAN

2011-09-26 Thread Freddie Cash
On Thu, Sep 22, 2011 at 7:24 AM, Marek Salwerowicz marek_...@wp.pl wrote: On 2011-08-10 16:22, Freddie Cash wrote: The more correct method is to double-NAT the traffic, such that the LAN clients connect to public IPs, and the DMZ servers see connections from

Re: ipfw - accessing DMZ from LAN

2011-09-22 Thread Marek Salwerowicz
On 2011-08-10 16:22, Freddie Cash wrote: The more correct method is to double-NAT the traffic, such that the LAN clients connect to public IPs, and the DMZ servers see connections from public IPs. It's more complicated to wrap your head around

Re: ipfw - accessing DMZ from LAN

2011-08-10 Thread Marek Salwerowicz
On 2011-08-09 18:04, Freddie Cash wrote: On Tue, Aug 9, 2011 at 4:59 AM, Marek Salwerowicz marek_...@wp.pl wrote: I have set up a new router for my network, with separated DMZ zone for my internet servers. I'd like computers from my LAN to be able to connect to DMZ zone. My ISP provided

Re: ipfw - accessing DMZ from LAN

2011-08-10 Thread Freddie Cash
On Tue, Aug 9, 2011 at 11:51 PM, Marek Salwerowicz marek_...@wp.pl wrote: On 2011-08-09 18:04, Freddie Cash wrote: On Tue, Aug 9, 2011 at 4:59 AM, Marek Salwerowicz marek_...@wp.pl wrote: I have set up a new router for my network, with separated DMZ zone for my internet servers. I'd

ipfw - accessing DMZ from LAN

2011-08-09 Thread Marek Salwerowicz
Hi all, I have set up a new router for my network, with separated DMZ zone for my internet servers. I'd like computers from my LAN to be able to connect to DMZ zone. My ISP provided me some public IP's, so right now configuration looks like this: Router with 4 NICs: #public ISP

Re: ipfw - accessing DMZ from LAN

2011-08-09 Thread Chuck Swiger
On Aug 9, 2011, at 4:57 AM, Marek Salwerowicz wrote: Right now everything works from the Internet - if I do ssh to xx.yy.zz.170, I really can connect to host 192.168.0.10 etc. The problem is that when I want to connect from my 10.0.0.0/24 network (and even from router) to any DMZ host,

Re: ipfw - accessing DMZ from LAN

2011-08-09 Thread Marek Salwerowicz
On 2011-08-09 15:09, Chuck Swiger wrote: On Aug 9, 2011, at 4:57 AM, Marek Salwerowicz wrote: Right now everything works from the Internet - if I do ssh to xx.yy.zz.170, I really can connect to host 192.168.0.10 etc. The problem is that when I want to connect from my 10.0.0.0/24 network

Re: ipfw - accessing DMZ from LAN

2011-08-09 Thread Chuck Swiger
On Aug 9, 2011, at 6:15 AM, Marek Salwerowicz wrote: It's not working because you configured natd to work against traffic flowing via vr3, but traffic from your LAN is coming via vr0. While you can change natd to run against all traffic, it's much better to avoid re-writing purely internal

Re: ipfw - accessing DMZ from LAN

2011-08-09 Thread Marek Salwerowicz
On 2011-08-09 15:26, Chuck Swiger wrote: dummynet (or Altq, or whatever else you might be using) works fine with pure routing config, yes-- you don't have to NAT traffic to do bandwidth control on the router. How it should be done? Leave the aliases at my external interface, and then

Re: ipfw - accessing DMZ from LAN

2011-08-09 Thread Chuck Swiger
On Aug 9, 2011, at 6:45 AM, Marek Salwerowicz wrote: On 2011-08-09 15:26, Chuck Swiger wrote: dummynet (or Altq, or whatever else you might be using) works fine with pure routing config, yes-- you don't have to NAT traffic to do bandwidth control on the router. How it should be done?