Greetings!<br><br>Yes, Server A is directly connected to a hub which is then connected to the internet. I intend to use firehol as the firewall for Server A which only have 1 LAN card and will serve as the mail server.<br><br>Yes, netcraf/dnsstuff.com can ping to the server.<br><br>A public proxy is a proxy server used to hide your ip while surfing the net and make use the public server as your front to the internet like in LAN which uses a proxy server to make acces to the internet. My purpose in using this service is for testing. I cannot explain more :D but this is the website for available public proxies http://www.publicproxyservers.com/page1.html<br><br>I'll check again... <br><br>Thanks <br><br>---<br>sandeil<br><br><b><i>"Daniel L. Miller" <dmiller@amfes.com></i></b> wrote:<blockquote class="replbq" style="border-left: 2px solid rgb(16, 16, 255); margin-left: 5px; padding-left: 5px;"> Happy to help. Try to keep your replies on-list so everyone can
share.<br><br>I'm still trying to understand your setup. Based on your diagram, it <br>seems Server A is connected directly to the Internet (via a hub) - there <br>is no firewall, gateway, or router. Server B appears to be a gateway. <br>If that is the case, then the script I provided would actually be more <br>appropriate for Server B. However - you said the problem is with Server A.<br><br>If there is no firewall of any kind running on Server A - does it work <br>correctly? My current understanding is you have an Internet connection <br>shared between two machines via a hub. One machine, without a firewall, <br>is currently reachable via the Internet (Server B). The other machine <br>is not - you need to confirm if Server A works properly without a firewall.<br><br>You say you used netcraft/dnsstuff.com - does that mean they can ping <br>Server A currently?<br><br>What do you mean by "public proxy"?<br><br>I think you need to explain a bit further exactly what you
are trying to <br>accomplish.<br><br>--<br>Daniel<br><br><br>seekuel wrote:<br>> Hello Sir Daniel,<br>><br>> To further illustrate:<br>> Server A with only 1 Ethernet card is connected to a HUB which is the <br>> directly connected to the Internet with a public IP. No router.<br>><br>> Server B's function as of now is for mail server. Yes the server can <br>> be tested with the firewall test. But when using a public proxy the <br>> server cannot be accessed further more at home I'm behind ADSL <br>> Internet connection. Still I cannot connect to the server.<br>><br>> I tried to check things from netcraft.net and dnsstuff.com then find <br>> that the server is up.<br>><br>> |-------------|<br>> | Internet |<br>> |-------------|<br>> |<br>>
|<br>> |<br>> |--------------| eth0 |---------| <br>> eth0|--------------| eth1 |--------|<br>> | Server A | ----------------------------| HUB |---------------------| <br>> Server B |------------| LAN |<br>> |--------------| <br>> |---------| |--------------| |--------|<br>><br>> I'll try the script sir and I'll come back to update the result. Once <br>> again thank you.<br>><br>> ----<br>> Sandeil<br>><br>> */"Daniel L. Miller" <dmiller@amfes.com>/* wrote:<br>><br>> seekuel wrote:<br>> > Greetings!<br>> ><br>> > This is my first time to use firehole. The cohsen OS is CentOS.<br>> ><br>> > To make things clearer:<br>> > Server A (firehole is used and is the mail
server)<br>> > Server B (firehole is not used and is the DNS server)<br>> ><br>> > The server A can send and receive mail. But the outside wold cannot<br>> > access the server even if I use a public proxy.<br>> ><br>> > The servers A and B are connected to same hub, server B can<br>> > access/browse the server A. Server B can be publicly access/browes.<br>> ><br>> > I already checked the DNS entry and I see nothing wrong.<br>> ><br>> > Attached is the firehol.conf I used. This was generated using<br>> > /etc/init.d/firehol helpme > /tmp/firehol.conf added and removed<br>> some<br>> > services.<br>> ><br>> I'm not sure what you're asking. Are you saying your Server A<br>> cannot be<br>> seen from the internet? So from a remote site, or using a firewall<br>> test<br>> site, you cannot ping
Server A?<br>><br>> You have no router statements. Is Server A supposed to be an internet<br>> gateway for Server B?<br>><br>> Your configuration shows the same IP (202.163.195.157) and connection<br>> (eth0) for both your internal and external interfaces. That's not<br>> gonna<br>> work. Do you have two NIC's? Is there an actual LAN in place?<br>><br>> I'm going to give you a sample that you can customize further, but<br>> you<br>> may find this more maintainable. Using variables at the top of the<br>> config lets you assign descriptive names to these numbers, and makes<br>> changes easier, and helps with typing errors. I'm assuming you do<br>> have<br>> two NIC's, otherwise we'll need to change the interface names. Give<br>> this a try:<br>><br>> firehol.conf<br>> ---<br>> version 5<br>> LAN_IF="eth0"<br>>
LAN_NET="192.168.0.1/24"<br>> LAN_IP="192.168.0.1"<br>><br>> LAN_DNS_IP="192.168.0.10" (Server B's Address)<br>><br>> EXT_IF="eth1"<br>> EXT_NET="202.163.195.152/29"<br>> EXT_IP="202.163.195.157"<br>><br>> # Provide routing services to internal network for Internet access.<br>> Router statements required below.<br>> snat to "${EXT_IP}" outface "${EXT_IF}" src "${LAN_NET}"<br>><br>> # Allow access to DNS server from Internet. Router statements<br>> required<br>> below.<br>> dnat to "${LAN_DNS_IP}" inface "${EXT_IF}" dst "${EXT_IP}" proto tcp<br>> dport "53"<br>> dnat to "${LAN_DNS_IP}" inface "${EXT_IF}" dst "${EXT_IP}" proto udp<br>> dport "53"<br>><br>> # Allow the internal network complete access to this computer.<br>> # Allow this computer complete access to the internal network.<br>> interface "${LAN_IF}" lan src
"{$LAN_NET}"<br>> policy accept<br>><br>> # Allow limited access from the Internet to this computer.<br>> # Allow this computer complete access to the Internet.<br>> interface "${EXT_IF}" internet src not "${UNROUTABLE_IPS} ${LAN_NET}"<br>> dst "${EXT_IP}"<br>> protection strong 100/sec 50<br>> server ident reject with tcp-reset<br>> server "ICMP imap imaps mysql pop3 pop3s smtp webmin" accept<br>> client all accept<br>><br>> # Allow the internal network complete access to the Internet through<br>> this computer.<br>> router lan2ext inface "${LAN_IF}" outface "${EXT_IF}" src<br>> "${LAN_NET}"<br>> dst not "${UNROUTABLE_IPS}"<br>> route all accept<br>><br>> # Allow limited access to the internal network from the Internet<br>> through<br>> this computer.<br>> router ext2lan inface "${EXT_IF}" outface "${LAN_IF}"<br>> protection
strong 100/sec 50<br>> route ident reject with tcp-reset<br>> route "dns" accept<br>> client all accept<br>><br>> --<br>> Daniel<br>><br><br>-------------------------------------------------------------------------<br>Using Tomcat but need to do more? Need to support web services, security?<br>Get stuff done quickly with pre-integrated technology to make your job easier<br>Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo<br>http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642<br>_______________________________________________<br>Firehol-support mailing list<br>Firehol-support@lists.sourceforge.net<br>https://lists.sourceforge.net/lists/listinfo/firehol-support<br></dmiller@amfes.com></blockquote><br><p>
<hr size=1>Groups are talking. We´re listening. Check out the <a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=41144/*http://groups.yahoo.com/local/newemail.html">handy changes to Yahoo! Groups.</a>