[Shorewall-users] Portforwarding didn't work

stefan.buchwald@twt-gmbh.de stefan.buchwald@twt-gmbh.de
Thu, 24 Jan 2002 11:15:12 +0100



Hello Tom,

>Are you using NAT or Masquerading in this setup?

I use Masquerading with the following setting in the masq file:

eth1                    193.100.201.0/24

cu
Stefan
    Tom Eastep <teastep@shorewall.net>
    Sent by: shorewall-users-admin@shorewall.net
    23.01.2002 22:31
    To:      stefan.buchwald@twt-gmbh.de, shorewall-users@shorewall.net
    cc:
    Subject: Re: [Shorewall-users] Portforwarding didn't work

On Wednesday 23 January 2002 10:09 am, stefan.buchwald@twt-gmbh.de wrote:
> Hi
>
> we still configure the shorewall and it is nearly done. but there is a
> problem.
> we try to connect from a computer in the internet to a database in our
> local net. we used the example with SAM from the documentation. and
> configured the computer as DMZ.
>
> Here is the configuration
> zones:
> dmz     DMZ             Demilitarized zone
> net     Net             Internet
> loc     Local           Local networks
>
> interfaces:
> loc     eth1            193.100.201.255
> -       eth0            62.159.230.95   noping
>
> hosts
> dmz             eth0:62.159.230.82
> net             eth0:0.0.0.0/0
>
> policy:
> #CLIENT         SERVER          POLICY          LOG LEVEL
> loc             net             ACCEPT
> loc             dmz             ACCEPT
> dmz             all             CONTINUE
> net             all             DROP            info
> all             all             REJECT          info
>
> rules:
> #Squid
> ACCEPT          loc       fw            tcp     8080    -       all
> ACCEPT          fw        net           tcp     www,443
> ACCEPT          fw        dmz           tcp     www,443
> ACCEPT          fw        loc:193.100.201.116 udp     53      -       all
> #Sendmail
> ACCEPT          net       fw            tcp     smtp
> ACCEPT          fw        loc:193.100.201.2   tcp     smtp
> #DB
> ACCEPT          dmz       loc:193.100.201.111 tcp     1521,1526 -     all
> #ACCEPT         dmz       loc:193.100.201.61  tcp     ssh     -       all
>
> A squid and a sendmail run on the firewall and it works.
>
> But with the rules for DB there is no way to connect to the DB.
> Without the rule for the DB there is an error in the logfile (all2all:REJECT)
> and that's ok. But with the rule activated there is nothing in the log.
> Is this a problem of the configuration of the firewall or is this a Linux
> problem?????

Are you using NAT or Masquerading in this setup?

-Tom
--
Tom Eastep    \ A Firewall for Linux 2.4.*
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net
_______________________________________________
Shorewall-users mailing list
Shorewall-users@shorewall.net
http://www.shorewall.net/mailman/listinfo/shorewall-users
