[Shorewall-users] Port forwarding didn't work

stefan.buchwald@twt-gmbh.de stefan.buchwald@twt-gmbh.de
Wed, 23 Jan 2002 19:09:39 +0100


Hi

We are still configuring Shorewall and it is nearly done, but there is a
problem.
We try to connect from a computer on the Internet to a database in our
local net. We used the example with SAM from the documentation and
configured the computer as DMZ.

Here is the configuration:

zones:
dmz     DMZ             Demilitarized zone
net     Net             Internet
loc     Local           Local networks

interfaces:
loc     eth1            193.100.201.255
-       eth0            62.159.230.95   noping

hosts:
dmz     eth0:62.159.230.82
net     eth0:0.0.0.0/0

policy:
#CLIENT         SERVER          POLICY          LOG LEVEL
loc             net             ACCEPT
loc             dmz             ACCEPT
dmz             all             CONTINUE
net             all             DROP            info
all             all             REJECT          info

rules:
#Squid
ACCEPT          loc             fw                      tcp     8080            -       all
ACCEPT          fw              net                     tcp     www,443
ACCEPT          fw              dmz                     tcp     www,443
ACCEPT          fw              loc:193.100.201.116     udp     53              -       all
#Sendmail
ACCEPT          net             fw                      tcp     smtp
ACCEPT          fw              loc:193.100.201.2       tcp     smtp
#DB
ACCEPT          dmz             loc:193.100.201.111     tcp     1521,1526       -       all
#ACCEPT         dmz             loc:193.100.201.61      tcp     ssh             -       all

On the firewall runs a squid and a sendmail, and they work.

But with the rule for the DB there is no way to connect to the DB.
Without the rule for the DB there is an error in the logfile (all2all:REJECT)
and that's ok. But with the rule activated there is nothing in the log.

Is this a problem of the configuration of the firewall or is this a Linux
problem?????
The firewall runs on SUSE 7.3 without any patches.

Any idea???
Sorry for my bad English.
best regards

Stefan Buchwald

Stuttgart, Germany
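To reason about which entry of the posted configuration decides a given connection, and whether that decision leaves a trace in the log, here is a small first-match evaluator written for this message. It is an added example, not code from the original post or from Shorewall itself. It models only the part of Shorewall's logic needed here: a new connection is checked against the rules file first (first match wins), and only if no rule matches does the policy file decide, where a CONTINUE entry defers to later entries. Zones, policies and rules are transcribed from the post; the loc network 193.100.201.0/24 is inferred from the eth1 broadcast address and is an assumption, as is treating 62.159.230.95 as the only firewall ("fw") address. The sample Internet client address is a constructed documentation address.

```python
"""First-match evaluator for Shorewall-style policy and rules files.

Added example (not code from the post or from Shorewall). Only the
rules-then-policy matching order is modelled; NAT, interfaces and
connection tracking are out of scope.
"""
import ipaddress

# Zone -> networks. Longest prefix wins, so "net" (0.0.0.0/0) is the fallback.
ZONES = {
    "fw":  ["62.159.230.95/32"],   # assumption: firewall's eth0 address only
    "dmz": ["62.159.230.82/32"],   # hosts file: dmz eth0:62.159.230.82
    "loc": ["193.100.201.0/24"],   # assumption derived from eth1 broadcast
    "net": ["0.0.0.0/0"],          # hosts file: net eth0:0.0.0.0/0
}

# Service names used in the posted rules, resolved to port numbers.
SERVICES = {"www": 80, "smtp": 25, "ssh": 22}

POLICY = [  # (client zone, server zone, policy, log level or None)
    ("loc", "net", "ACCEPT", None),
    ("loc", "dmz", "ACCEPT", None),
    ("dmz", "all", "CONTINUE", None),
    ("net", "all", "DROP", "info"),
    ("all", "all", "REJECT", "info"),
]

RULES = [  # (action, source, destination, protocol, destination ports)
    ("ACCEPT", "loc", "fw", "tcp", "8080"),
    ("ACCEPT", "fw", "net", "tcp", "www,443"),
    ("ACCEPT", "fw", "dmz", "tcp", "www,443"),
    ("ACCEPT", "fw", "loc:193.100.201.116", "udp", "53"),
    ("ACCEPT", "net", "fw", "tcp", "smtp"),
    ("ACCEPT", "fw", "loc:193.100.201.2", "tcp", "smtp"),
    ("ACCEPT", "dmz", "loc:193.100.201.111", "tcp", "1521,1526"),
]


def ports_of(spec):
    """Turn '1521,1526' or 'www,443' into a set of port numbers."""
    return {SERVICES[p] if p in SERVICES else int(p) for p in spec.split(",")}


def zone_of(ip):
    """Longest-prefix zone lookup for an address."""
    addr = ipaddress.ip_address(ip)
    best, best_len = None, -1
    for zone, nets in ZONES.items():
        for net in map(ipaddress.ip_network, nets):
            if addr in net and net.prefixlen > best_len:
                best, best_len = zone, net.prefixlen
    return best


def endpoint_matches(spec, zone, ip):
    """'loc' matches the whole zone; 'loc:1.2.3.4' matches only that host."""
    spec_zone, _, host = spec.partition(":")
    if spec_zone not in ("all", zone):
        return False
    return host == "" or host == ip


def evaluate(src_ip, dst_ip, proto, dport):
    """Return the verdict for a new connection and whether it would be logged."""
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    flow = {"src_zone": src_zone, "dst_zone": dst_zone}
    # 1. Rules file: first match wins. None of the posted rules carries a
    #    log level, so a rule match writes nothing to the log.
    for action, src, dst, rproto, rports in RULES:
        if (rproto == proto and dport in ports_of(rports)
                and endpoint_matches(src, src_zone, src_ip)
                and endpoint_matches(dst, dst_zone, dst_ip)):
            return dict(flow, verdict=action, decided_by="rule", logged=False)
    # 2. Policy file: first applicable entry; CONTINUE defers to later ones.
    for client, server, policy, log in POLICY:
        if client in ("all", src_zone) and server in ("all", dst_zone):
            if policy == "CONTINUE":
                continue
            return dict(flow, verdict=policy, decided_by="policy",
                        logged=log is not None)
    return dict(flow, verdict="REJECT", decided_by="default", logged=True)


if __name__ == "__main__":
    # Constructed sample flows; 198.51.100.7 is a documentation address
    # standing in for an arbitrary Internet client.
    for flow in [("62.159.230.82", "193.100.201.111", "tcp", 1521),
                 ("198.51.100.7", "193.100.201.111", "tcp", 1521),
                 ("198.51.100.7", "62.159.230.95", "tcp", 25),
                 ("193.100.201.50", "198.51.100.7", "tcp", 80)]:
        print(flow, "->", evaluate(*flow))
```

Run against the posted configuration, the model makes two things visible. The DB rule only matches connections whose source is the DMZ host; a connection that originates on the Internet and is aimed at the database matches no rule, falls through to the net→all DROP policy and is logged at info. Conversely, a match on the ACCEPT rule produces no log line at all, so an empty log while the rule is active is consistent with the packet being accepted by the filter rather than dropped, which points the investigation at what happens after acceptance (address translation and the reply path) instead of at the rules file.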