[Shorewall-users] Portforwarding within a zone

Tom Eastep teastep@shorewall.net
Sun, 6 Jan 2002 13:03:04 -0800


On Sunday 06 January 2002 12:53 pm, Chris Freeze wrote:
> On 06-Jan-2002 Tom Eastep wrote:
> > What about your local proxy rule?
>
> ACCEPT  local     dmz:192.168.2.42:3128  tcp   http    -  !xx.xx.xx.xx

Understanding your problem is a bit like peeling an onion -- I take off one
layer and there's still 100s more. So since you don't want us to see what
xx.xx.xx.xx is, we have to assume that it's NOT an RFC1918 address in the
DMZ. From this I would guess that you must have a rule somewhere that says:

ACCEPT  local   xxx:yy.yy.yy.yy tcp     http    -       xx.xx.xx.xx

-Tom
-- 
Tom Eastep    \  teastep@shorewall.net
AIM: tmeastep  \  http://www.shorewall.net
ICQ: #60745924  \  Firewalls for Linux 2.4