[Shorewall-newbies] Can't connect from LAN to port forwarded web in DMZ. Others connections (like ssh) works fine.

Tom Eastep teastep at shorewall.net
Sun Mar 14 13:02:27 PST 2004

Varga Pavol wrote:

> Hi,
> I have som trouble with connection to my port forwarded www server from
> LAN and from firewall. (from Internet it works)
> I use three-interface firewall with masquerading LAN & DMZ and port
> forwarding some services.
> lynx from firewall to www.myserver.sk returns:
> Alert!: Unable to connect to remote host.
> lynx from firewall to local IP for the first ask me to allow cookies,
> and then returns:
> Looking up first
> Looking up
> Making HTTP connection to
> Sending HTTP request.
> HTTP request sent; waiting for response.
> HTTP/1.1 302 Object moved
> 'A'lways allowing from domain ''.
> Data transfer complete
> HTTP/1.1 302 Object moved
> Looking up www.myserver.sk
> Making HTTP connection to www.myserver.sk
> Alert!: Unable to connect to remote host.
> When I tried www.myserver.sk from LAN, the Squid returns:
> While trying to retrieve the URL: http://www.myserver.sk/ 
> The following error was encountered: 
> Connection Failed 
> The system returned: 
>     (111) Connection refusedThe remote host or network may be down.
> Please try the request again.
> And when I tried local IP of myserver, the web browser still resolve it
> to www.myserver.sk and then returns the same error like above.
> Plesase, where is the problem? I thnik that rules between each other
> zones I set correctly.

See Shorewall faq #2.

Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net

More information about the Shorewall-newbies mailing list