[Shorewall-users] Portforwarding didn't work

stefan.buchwald@twt-gmbh.de stefan.buchwald@twt-gmbh.de
Thu, 24 Jan 2002 11:20:12 +0100

Hello Tom,
sorry, the line in the masq file is eth0
and not eth1 as sent in the email before.
In the nat file nothing is configured.


Hello Tom,
> Are you using NAT or Masquerading in this setup?

I use Masquerading with the following setting in the masq file:

eth1                193.100.201.0/24

On Wednesday 23 January 2002 10:09 am, stefan.buchwald@twt-gmbh.de wrote:
> Hi,
> we are still configuring the shorewall and it is nearly done, but there is a
> problem.
> We try to connect from a computer on the internet to a database in our
> local net. We used the example with SAM from the documentation and
> configured the computer as DMZ.
> Here is the configuration:
> zones:
> dmz     DMZ             Demilitarized zone
> net     Net             Internet
> loc     Local           Local networks
> interfaces:
> loc     eth1            193.100.201.255
> -       eth0            62.159.230.95   noping
> hosts:
> dmz             eth0:
> net             eth0:
> policy:
> #CLIENT         SERVER          POLICY
> loc             net             ACCEPT
> loc             dmz             ACCEPT
> dmz             all             CONTINUE
> net             all             DROP            info
> all             all             REJECT          info
> rules:
> #Squid
> ACCEPT          loc       fw              tcp     8080    -       all
> ACCEPT          fw        net             tcp     www,443
> ACCEPT          fw        dmz             tcp     www,443
> ACCEPT          fw        loc:            udp     53      -       all
> #Sendmail
> ACCEPT          net       fw              tcp     smtp
> ACCEPT          fw        loc:            tcp
> #DB
> ACCEPT          dmz       loc:            tcp     1521,1526       -       all
> #ACCEPT         dmz       loc:            tcp     ssh             -       all
> On the firewall runs a squid and a sendmail and it works.
> But with the rules for DB there is no way to connect to the DB.
> Without the rule for the DB there is an error in the logfile (all2all:REJECT)
> and that's ok. But with the rule activated there is nothing in the log.
> Is this a problem of the configuration of the firewall or is this
> problem?????

Are you using NAT or Masquerading in this setup?
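The configuration quoted in this thread, walked through with an added example (not code from the poster or from the Shorewall project): a minimal matcher for the whitespace-separated rules and policy file formats above. It assumes only zone, protocol and destination port are matched and that host qualifiers after ':' are ignored. It shows which line a connection hits: for a client on the internet (zone net) reaching the database ports on loc, no rule has source net, so the "net all DROP" policy decides.

```python
# Added example, not the poster's or Shorewall's own code: a simplified matcher
# for the /etc/shorewall/rules and /etc/shorewall/policy columns quoted above.
SERVICES = {"www": 80, "smtp": 25, "ssh": 22}  # service names used in the rules

def _ports(field):
    """'www,443' -> {80, 443}; '-' or missing -> None (any port)."""
    if field in ("", "-"):
        return None
    return {int(SERVICES.get(p, p)) for p in field.split(",")}

def parse(text):
    """Split a config file into rows of columns, dropping comments and blanks."""
    rows = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            rows.append(line.split())
    return rows

def zone_matches(pattern, zone):
    """'all' matches every zone; 'loc:' (host qualifier ignored) matches 'loc'."""
    return pattern == "all" or pattern.split(":", 1)[0] == zone

def decide(rules, policies, src, dst, proto, port):
    """First matching rule wins; otherwise the first matching policy line."""
    for action, s, d, p, *rest in rules:
        dports = _ports(rest[0]) if rest else None
        if (zone_matches(s, src) and zone_matches(d, dst) and p == proto
                and (dports is None or port in dports)):
            return action, " ".join([action, s, d, p, *rest])
    for s, d, action, *log in policies:
        if zone_matches(s, src) and zone_matches(d, dst):
            return action, " ".join([s, d, action, *log])
    return None, None

# Constructed from the configuration quoted in the thread (truncated line omitted)
RULES = parse("""
ACCEPT  loc   fw    tcp  8080       -  all
ACCEPT  fw    net   tcp  www,443
ACCEPT  fw    dmz   tcp  www,443
ACCEPT  fw    loc:  udp  53         -  all
ACCEPT  net   fw    tcp  smtp
ACCEPT  dmz   loc:  tcp  1521,1526  -  all
""")
POLICY = parse("""
loc  net  ACCEPT
loc  dmz  ACCEPT
dmz  all  CONTINUE
net  all  DROP    info
all  all  REJECT  info
""")
```

Calling `decide(RULES, POLICY, "net", "loc", "tcp", 1521)` returns the DROP policy line, while the same connection from zone dmz matches the ACCEPT rule for 1521,1526.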