[Shorewall-users] DMZ Access

Dubba Kor dubbakor at hotmail.com
Sat Aug 2 02:17:54 PDT 2003

Hi All, here is my setup:
RH: 9.0, Kernel: 2.4.20-8, Shorewall: 1.4.6a

net Net
loc Local =>
dmz DMZ =>

net eth0 detect dhcp,routefilter,norfc1918
loc eth1 detect
dmz eth2 detect

loc net ACCEPT
fw net ACCEPT
dmz net ACCEPT
net all DROP info
all all REJECT info

Proxyarp: eth2 eth0 No eth2 eth0 No

ACCEPT fw net tcp 53
ACCEPT fw net udp 53
ACCEPT loc fw tcp 22
ACCEPT loc dmz tcp 22
ACCEPT dmz net tcp 53
ACCEPT dmz net udp 53
ACCEPT net fw icmp 8
ACCEPT loc fw icmp 8
ACCEPT dmz fw icmp 8
ACCEPT loc dmz icmp 8
ACCEPT dmz loc icmp 8
ACCEPT dmz net icmp 8
ACCEPT fw loc icmp 8
ACCEPT fw dmz icmp 8
ACCEPT net dmz icmp 8 # Only with Proxy ARP and

ACCEPT net dmz tcp 80 => This is the only line that I added to the original 
Three Interface files


I am not able to open the web pages from web servers running in DMZ 
( and, but when I ping from to or from the Internet, I get a reply.

How does Shorewall direct http requests from Internet to the DMZ, with 
computers in DMZ having IP addresses and How does it 
know if the request is for or ?

What is missing to reach the web servers in DMZ?

Your help is highly appreciated... Thanks in advance!!

