[Shorewall-users] Portforwarding didn't work

stefan.buchwald@twt-gmbh.de stefan.buchwald@twt-gmbh.de
Thu, 24 Jan 2002 11:20:12 +0100




Hello Tom,

sorry, the line in the masq file is

eth0            193.100.201.0/24

and not eth1 as sent in the email before.
In the nat file nothing is configured

sorry
Stefan




Hello Tom,
> Are you using NAT or Masquerading in this setup?

I use Masquerading with the following setting in the masq file

eth1            193.100.201.0/24
cu
Stefan

On Wednesday 23 January 2002 10:09 am, stefan.buchwald@twt-gmbh.de wrote:
> Hi
>
> we are still configuring the shorewall and it is nearly done, but there is a
> problem.
> We are trying to connect from a computer on the internet to a database in our
> local net. We used the example with SAM from the documentation and
> configured the computer as DMZ.
>
> Here is the configuration
>
> zones:
> dmz     DMZ             Demilitarized zone
> net     Net             Internet
> loc     Local           Local networks
>
> interfaces:
> loc     eth1            193.100.201.255
> -       eth0            62.159.230.95   noping
>
> hosts:
> dmz             eth0:62.159.230.82
> net             eth0:0.0.0.0/0
>
> policy:
> #CLIENT         SERVER          POLICY          LOG LEVEL
> loc             net             ACCEPT
> loc             dmz             ACCEPT
> dmz             all             CONTINUE
> net             all             DROP            info
> all             all             REJECT          info
>
> rules:
> #Squid
> ACCEPT          loc     fw                      tcp     8080        -       all
> ACCEPT          fw      net                     tcp     www,443
> ACCEPT          fw      dmz                     tcp     www,443
> ACCEPT          fw      loc:193.100.201.116     udp     53          -       all
> #Sendmail
> ACCEPT          net     fw                      tcp     smtp
> ACCEPT          fw      loc:193.100.201.2       tcp     smtp
> #DB
> ACCEPT          dmz     loc:193.100.201.111     tcp     1521,1526   -       all
> #ACCEPT         dmz     loc:193.100.201.61      tcp     ssh         -       all
>
> A Squid and a Sendmail run on the firewall and they work.
>
> But with the rule for the DB there is no way to connect to the DB.
> Without the rule for the DB there is an error in the logfile (all2all:REJECT)
> and that's ok. But with the rule activated there is nothing in the log.
> Is this a problem of the configuration of the firewall or is this a Linux
> problem?

Are you using NAT or Masquerading in this setup?
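Tom's question points at the address-translation side of the setup; the thread as archived does not show how it was resolved. As an added example that is not part of the thread or of the Shorewall documentation, this is how a port forward from the internet to a host on the local net is normally written in Shorewall's rules file. The column layout is the Shorewall 1.2 one as I remember it, and the assumption that a DNAT rule (rather than the plain ACCEPT in Stefan's config) is what this setup needs is mine; the addresses and ports are taken from Stefan's posted configuration.

```text
# /etc/shorewall/rules  (Shorewall 1.2 column layout, assumed here)
#ACTION   SOURCE   DEST                    PROTO   DEST PORT(S)   SOURCE PORT(S)   ORIGINAL DEST
DNAT      net      loc:193.100.201.111     tcp     1521,1526
```

A DNAT rule installs both the destination rewrite in the nat table and the matching ACCEPT in the filter table, so no separate ACCEPT from net to loc is needed for those ports. The point of translating at all is that a host whose traffic is masqueraded on eth0 is not reachable from the net by its own 193.100.201.x address; an ACCEPT rule alone lets the packets through but does not give the remote side an address it can actually reach, which is consistent with seeing no REJECT in the log and still no connection.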
