[Shorewall-users] Portforwarding didn't work

stefan.buchwald@twt-gmbh.de stefan.buchwald@twt-gmbh.de
Wed, 23 Jan 2002 19:09:39 +0100


We are still configuring Shorewall and it is nearly done, but there is a
We are trying to connect from a computer on the Internet to a database in our
local net. We used the example with SAM from the documentation and
configured the computer as a DMZ.

Here is the configuration
dmz     DMZ             Demilitarized zone
net     Net             Internet
loc     Local           Local networks

loc     eth1            193.100.201.255
-       eth0            62.159.230.95   noping

dmz             eth0:
net             eth0:

#CLIENT         SERVER          POLICY
loc             net             ACCEPT
loc             dmz             ACCEPT
dmz             all             CONTINUE
net             all             DROP            info
all             all             REJECT          info

ACCEPT          loc             fw              tcp     8080            -       all
ACCEPT          fw              net             tcp     www,443
ACCEPT          fw              dmz             tcp     www,443
ACCEPT          fw              loc:            udp     53              -       all
ACCEPT          net             fw              tcp     smtp
ACCEPT          fw              loc:            tcp     s
ACCEPT          dmz             loc:            tcp     1521,1526       -       all
#ACCEPT         dmz             loc:            tcp     ssh             -       all

On the firewall a Squid and a Sendmail are running, and they work.

But with the rules for the DB there is no way to connect to the DB.
Without the rule for the DB there is an error in the log file (all2all:REJECT),
and that's OK. But with the rule activated there is nothing in the log.

Is this a problem with the configuration of the firewall, or is this a
The firewall runs on SuSE 7.3 without any patches.

Any idea???
Sorry for my bad English.
Best regards,

Stefan Buchwald

Stuttgart, Germany
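The symptom described above, "with the rule in place nothing appears in the log", is the usual signature of a port-forward whose packets either never reach the outside interface or are translated but never accepted on the way out: in both cases no logging rule fires. The script below is an added diagnostic example; it is not part of Stefan's post and not Shorewall code. It reads the per-rule packet counters that netfilter keeps for the DNAT rules in the nat table and for the ACCEPT rules on the forwarding path, and classifies the failure. The listings are constructed in the shape of `iptables -t nat -L PREROUTING -n -v -x` and `iptables -L FORWARD -n -v -x` output; the DB host address 192.0.2.10 is an assumption (the real one is cut off in the post), the public address 62.159.230.95 and ports 1521/1526 are taken from it.

```shell
#!/bin/sh
# Added example: classify a failing port-forward from netfilter packet counters.
# SAMPLE_NAT / SAMPLE_FWD are CONSTRUCTED listings in the format produced by
# "iptables -t nat -L PREROUTING -n -v -x" and "iptables -L FORWARD -n -v -x".
# 192.0.2.10 stands in for the unknown DB host; 62.159.230.95 is the public
# address from the post.

SAMPLE_NAT='Chain PREROUTING (policy ACCEPT 4102 packets, 312884 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      17     1020 DNAT       tcp  --  eth0   *       0.0.0.0/0            62.159.230.95        tcp dpt:1521 to:192.0.2.10
       0        0 DNAT       tcp  --  eth0   *       0.0.0.0/0            62.159.230.95        tcp dpt:1526 to:192.0.2.10'

SAMPLE_FWD='Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 ACCEPT     tcp  --  eth0   eth1    0.0.0.0/0            192.0.2.10           tcp dpt:1521'

# dnat_pkts <tcp-port> <nat-listing>
# Prints the packet counter of the first DNAT rule for that TCP port,
# or -1 when no such rule exists. Fields 1..9 are the fixed columns
# (pkts bytes target prot opt in out source destination); match extras follow.
dnat_pkts() {
    printf '%s\n' "$2" | awk -v port="$1" '
        $3 == "DNAT" && $4 == "tcp" {
            for (i = 10; i <= NF; i++)
                if ($i == ("dpt:" port)) { print $1; found = 1; exit }
        }
        END { if (!found) print -1 }'
}

# fwd_pkts <tcp-port> <forward-listing>
# Same idea for the ACCEPT rule that lets the translated packet through.
# Under Shorewall the ACCEPT normally lives in a zone-pair chain such as
# net2loc (the post's own log shows the all2all chain), so list that chain
# instead of FORWARD; the format is identical.
fwd_pkts() {
    printf '%s\n' "$2" | awk -v port="$1" '
        $3 == "ACCEPT" && $4 == "tcp" {
            for (i = 10; i <= NF; i++)
                if ($i == ("dpt:" port)) { print $1; found = 1; exit }
        }
        END { if (!found) print -1 }'
}

# diagnose <tcp-port> <nat-listing> <forward-listing>
# Prints one of: no-rule, not-arriving, not-forwarded, forwarded.
diagnose() {
    nat=$(dnat_pkts "$1" "$2")
    fwd=$(fwd_pkts "$1" "$3")
    if [ "$nat" -lt 0 ]; then
        echo "no-rule"        # nothing translates this port at all
    elif [ "$nat" -eq 0 ]; then
        echo "not-arriving"   # rule exists, never matched: traffic never reaches eth0,
                              # so no log line can be expected either
    elif [ "$fwd" -le 0 ]; then
        echo "not-forwarded"  # translated but never accepted on the forwarding path:
                              # check /proc/sys/net/ipv4/ip_forward and the zone policy
    else
        echo "forwarded"      # left the firewall: look at the DB host and its return route
    fi
}

# Stand-alone run against the constructed listings
diagnose 1521 "$SAMPLE_NAT" "$SAMPLE_FWD"
diagnose 1526 "$SAMPLE_NAT" "$SAMPLE_FWD"
```

On a live box replace the two sample strings with `"$(iptables -t nat -L PREROUTING -n -v -x)"` and the listing of the relevant zone-pair chain, attempt one connection from outside, and run the script again; the counter that did not move tells you which hop to look at.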