I have an ISP who has seemingly left its local network completely open to me.  
While supposedly their RFC1918 addresses should not conflict with the ones on 
our network (they told me this), and of course our router only provides DHCP 
service to our own LAN, I am still rather annoyed at having conflicting devices 
respond to ICMP (ping).  The ISP has at least 1500 live LAN IP addresses, 
mostly in the 192.168.x.x range, which I have some devices on as well.

I've read the FAQs and did not find what I was looking for.  It seems that 
Shorewall has removed the "norfc1918" option now.  I've tried Google, and tried 
many configurations of Shorewall to no avail in attempting to limit pinging of 
RFC1918 addresses to my own LAN, set up on eth1.  The ISP gives me a static 
external address, to which our domain name points, which comes in on eth0 of 
the Linux box.

The problem with the ISP's LAN remaining transparent to me is that it is hard 
to find devices with unknown IPs on my local LAN.  (I'm still finding and 
mapping the network as the new IT guy here, and some things like the Dell 
PowerConnect 5224 were on unknown IPs.)  Running an nmap to find live IPs 
turned up so many from outside of our own LAN that it was impossible to know 
which IP was the one I needed.

Additionally, I'm having trouble accessing the domain name of the server from 
within the LAN.  I can pull up a webpage with an IP address, such as by 
10.0.0.1, but the domain cannot be reached.  I'm running a Squid transparent 
proxy, but as I've tried opening it completely to access of the server, I don't 
know if it's a Squid problem or a misconfiguration elsewhere.  Is there any way 
that Shorewall can just map the domain name to bypass Squid for the fw zone?

For most everything else, the firewall is functioning well.   I'm not a trained 
techie, so thank you for your graciousness where I may be ignorant.  A status 
file is attached, and if anything else is needed, let me know.  Thank you!

Sincerely,

Erik.



                                          

Attachment: status.tar.gz
Description: application/gzip

Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users