[Shorewall-users] RE: [Shorewall-newbies] Can't connect from LAN to port forwarded web in DMZ. Other connections (like ssh) work fine.

Tom Eastep teastep at shorewall.net
Mon Mar 15 10:28:30 PST 2004


On Monday 15 March 2004 08:59 am, Varga Pavol wrote:
> Thanks for the advice, but I already read it.
> Today I moved the www server from the DMZ to the LAN for easier configuration, but it
> still doesn't work.
> I probably made a mistake somewhere. Everything in the documentation and
> manuals seems so simple and I am really glad that Shorewall is here!
> Could you please check my configuration files?
>
> /etc/shorewall/interfaces
> LAN             eth0            detect  routeback
> Internet        eth2            detect
>
> /etc/shorewall/masq
> eth2    192.168.1.0/24                  217.118.104.9
>
> /etc/shorewall/policy
> #$FW             Internet        ACCEPT          - # ports are set only explicit in rules
> #LAN             Internet        ACCEPT          - # for disable online games, etc.
> Internet        all             DROP            info
> all             all             REJECT          info
>
> /etc/shorewall/zones
> LAN		LAN			192.168.1.20
> Internet	Internet		217.118.104.9

Zone names have a maximum length of five characters.

>
> /etc/shorewall/rules
> ACCEPT  Internet  $FW     udp     53    - # DNS
> ACCEPT  Internet  $FW     tcp     25,53,80,110,143,389      - # smtp, dns, www, pop, imap, ldap
>
> ACCEPT  $FW     Internet        udp     53      - # dns
> ACCEPT  $FW     Internet        tcp     25,53,80,110,143,389  - # smtp, dns, www, pop, imap, ldap
>
> ACCEPT  LAN     $FW     udp     53      - # dns
> ACCEPT  LAN     $FW     tcp     53,80,110,143,389,8080        -       # dns, ???, pop, imap, ldap, proxy
> ACCEPT  LAN     Internet        tcp     25,53,110,143,389     -       # smtp, dns, pop, imap, ldap
>
> REDIRECT        LAN     8080    tcp     80      -       -       # http proxy from LAN
>
> DNAT    Internet        LAN:192.168.1.10        tcp     80      -       217.118.104.9   # www
> DNAT    LAN             LAN:192.168.1.10        tcp     80      -       217.118.104.9:192.168.1.20 #FAQ2

I don't see anything wrong here.

a) What results do you see when you try to connect?
b) Please follow the instructions at http://www.shorewall.net/support.htm in 
the paragraph beginning "This is Important!!" in bold font.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net
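
The zone-name limit pointed out in the reply above can be checked mechanically before restarting the firewall. The following is an added example, not part of the original message and not Shorewall's own code: a small lint that flags zone names longer than five characters wherever they appear in the zones, interfaces, policy and rules files. The column positions, the function names and the sample text (condensed from the configuration quoted above) are assumptions of this example.

```python
MAX_ZONE_LEN = 5                 # limit stated in the reply above
BUILTIN = {"all", "$FW", "-"}    # names that are not declared in the zones file

# Columns that hold zone names in each file (assumed layout, matching the
# quoted configuration: zone first in zones/interfaces, SOURCE and DEST in
# policy, and SOURCE/DEST after the ACTION column in rules).
ZONE_COLUMNS = {"zones": (0,), "interfaces": (0,), "policy": (0, 1), "rules": (1, 2)}

def entries(text):
    """Yield (line_number, columns) for each line that is not blank or a comment."""
    for number, line in enumerate(text.splitlines(), 1):
        columns = line.split("#", 1)[0].split()
        if columns:
            yield number, columns

def long_zone_names(files):
    """Return sorted (file, line, zone) tuples for zone names over the limit."""
    findings = []
    for name, text in files.items():
        for number, columns in entries(text):
            for index in ZONE_COLUMNS.get(name, ()):
                if index >= len(columns):
                    continue
                zone = columns[index].split(":", 1)[0]   # LAN:192.168.1.10 -> LAN
                if zone.isdigit() or zone in BUILTIN:    # REDIRECT puts a port in DEST
                    continue
                if len(zone) > MAX_ZONE_LEN:
                    findings.append((name, number, zone))
    return sorted(findings)

# Sample input condensed from the configuration quoted in this message.
SAMPLE = {
    "zones": "LAN\tLAN\t192.168.1.20\nInternet\tInternet\t217.118.104.9\n",
    "interfaces": "LAN eth0 detect routeback\nInternet eth2 detect\n",
    "policy": "#LAN Internet ACCEPT -\nInternet all DROP info\nall all REJECT info\n",
    "rules": ("ACCEPT LAN $FW udp 53 - # dns\n"
              "REDIRECT LAN 8080 tcp 80 - -\n"
              "DNAT Internet LAN:192.168.1.10 tcp 80 - 217.118.104.9\n"),
}

if __name__ == "__main__":
    for name, number, zone in long_zone_names(SAMPLE):
        print(f"{name}:{number}: zone name '{zone}' exceeds {MAX_ZONE_LEN} characters")
```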
