[Shorewall-users] Multiple web servers in DMZ

Joshua Banks l0f33t at yahoo.com
Thu May 29 19:46:36 PDT 2003


Hi Aleksey,

I believe what Tom was asking you to do was to
actually bind your other public IP addresses that you
own to eth0's NIC/ethernet card. This would be the
first step before attempting to configure Shorewall.
Once you get eth0 configured correctly, then configure
your Shorewall rules appropriately.

Right now I believe that the only IP address that is
bound to eth0's NIC/ethernet card is 67.115.131.42, and
this is why this address works and the others won't
forward correctly. I believe the others won't until
you get your ethernet card configured correctly with
the other public IPs that you own bound to eth0. :)

Hope that helps. If I'm off base, Tom, please correct
me.

Joshua Banks

--- Tom Eastep <teastep at shorewall.net> wrote:
> On Thu, 29 May 2003 13:56:49 -0700 (PDT), aleksey zakharov
> <aleksey_shorewall at yahoo.com> wrote:
> 
> > My interfaces file contains the following:
> > #ZONE    INTERFACE      BROADCAST       OPTIONS
> > net     eth0            67.115.131.42
> 
> That CAN'T be the broadcast address!!!! Looks like
> the interface address...
> 
> >
> >
> > and my rules file contains the following for port 80:
> > # <<< Jupiter >>>
> > DNAT            net       dmz:192.168.6.2      tcp     80      -       67.115.131.42
> > # <<< viking >>>
> > DNAT            net       dmz:192.168.6.5      tcp     80      -       67.115.131.43
> > the 67.115.131.42 works but 67.115.131.43 which is a new web server
> > doesn't work.
> >
> 
> If one more person tells me something "doesn't work" without any more
> information, I'm going to quit answering questions on this list during the
> day. I simply don't have time while I'm at work to drag the details out
> of each and every person...
> 
> a) What happens when you try to connect to http://67.115.131.43? Timeout?,
> Connection refused?, client computer explodes?
> b) Did you try telnetting to 67.115.131.43 80? If so, what response did you
> get? If not, please try that.
> c) Can you ping to 67.115.131.43?
> d) Have you looked at FAQ #1a and #1b -- there are tips there for debugging
> port forwarding problems?
> e) What does "ip addr show eth0" give you?
> 
> -Tom
> -- 
> Tom Eastep    \ Shorewall - iptables made easy
> Shoreline,     \ http://www.shorewall.net
> Washington USA  \ teastep at shorewall.net

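A way to run the check this message describes before touching the firewall configuration, added here as an example and not code from the thread or from Shorewall: it compares the original-destination column of the DNAT rules posted above with the addresses listed by `ip addr show eth0`. The `ip addr` output, including its prefix length and MAC address, is a constructed sample, and the function names are hypothetical.

```python
import ipaddress
import re

# DNAT rules as posted in the thread. Columns:
# ACTION SOURCE DEST PROTO DEST-PORT SOURCE-PORT ORIGINAL-DEST
RULES = """\
# <<< Jupiter >>>
DNAT            net       dmz:192.168.6.2      tcp     80      -       67.115.131.42
# <<< viking >>>
DNAT            net       dmz:192.168.6.5      tcp     80      -       67.115.131.43
"""

# Constructed sample of `ip addr show eth0` (prefix length and MAC are made up).
IP_ADDR_ETH0 = """\
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:00:5e:00:53:01 brd ff:ff:ff:ff:ff:ff
    inet 67.115.131.42/29 brd 67.115.131.47 scope global eth0
"""

def dnat_original_dests(rules_text):
    """Return (original_dest, dmz_target) for each DNAT rule with a plain IP."""
    found = []
    for line in rules_text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split columns
        if len(fields) < 7 or fields[0] != "DNAT":
            continue
        try:
            found.append((ipaddress.ip_address(fields[6]), fields[2]))
        except ValueError:
            pass                                  # "-" or a non-address value
    return found

def bound_addresses(ip_addr_output):
    """Return the set of IPv4 addresses on the 'inet' lines of `ip addr show`."""
    cidrs = re.findall(r"^\s*inet\s+(\S+)", ip_addr_output, re.MULTILINE)
    return {ipaddress.ip_interface(c).ip for c in cidrs}

def unbound_dnat_targets(rules_text, ip_addr_output):
    """DNAT rules whose public address is not configured on the interface."""
    bound = bound_addresses(ip_addr_output)
    return [(str(addr), target)
            for addr, target in dnat_original_dests(rules_text)
            if addr not in bound]

if __name__ == "__main__":
    for addr, target in unbound_dnat_targets(RULES, IP_ADDR_ETH0):
        print(f"{addr} -> {target}: address is not bound to eth0")
```

On a live firewall, replace the two sample strings with the contents of the rules file and the real output of `ip addr show eth0`.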