[Shorewall-users] Connectivity from "net" zone to system in the "dmz"

Tom Eastep teastep at shorewall.net
Thu Jul 10 23:58:54 PDT 2003


On Thu, 2003-07-10 at 14:43, Graeme Boyle wrote:
> Hello,
> 
> I have a three interface firewall and used the three interface quick start
> guide. I am unable to connect to a system located in the DMZ from the
> Internet however, I am able to control access (changing ports/services on
> and off) from the local network to and from the same system in the DMZ. The
> error message I receive when trying to ssh from the Internet to the system
> in the DMZ is:
> 
> [graeme at kaos graeme]$ ssh zeus.viisage.com
> ssh: connect to address 12.148.248.67 port 22: Connection refused
> 

I notice that 12.148.248.67 isn't one of the IP addresses assigned to
eth0 -- 12.148.248.68 is as close as you come.

I also notice an extremely strange masquerading entry for that IP
address???

These features of your configuration are what I was referring to when I
noted that it was very hard for me to understand what you were trying to
do.

Hope this helps...
-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net



More information about the Shorewall-users mailing list