[Shorewall-users] cannot view internal webs

Javier Pardo jpardo at alerce.es
Tue Mar 23 08:57:51 PST 2004

Hello, I have installed Shorewall 2.0b with three interfaces and

Also, I have an internal DNS server running on the same server where I have my
web page.

Connections from the Internet can view my web pages, but my internal users cannot if
I configure the browser to use squid. Without squid everything is OK.


Here is my shorewall configuration:

REDIRECT        loc             8080            tcp     www     -  -
DNAT            net             dmz:            tcp     3000    -
DNAT            loc             dmz:            tcp     3000    -

#       Accept DNS connections from the firewall to the Internet
ACCEPT          fw              net             tcp     53
ACCEPT          fw              net             udp     53

#       Accept SSH connections from the local network to the firewall and
ACCEPT          loc             fw              tcp     22
#ACCEPT         loc             dmz             tcp     22

#       DMZ DNS access to the Internet
ACCEPT          dmz             net             tcp     53
ACCEPT          dmz             net             udp     53

#       Make ping work bi-directionally between the dmz, net, Firewall and
#       (assumes that the loc-> net policy is ACCEPT).
ACCEPT          net             fw              icmp    8
ACCEPT          loc             fw              icmp    8
ACCEPT          dmz             fw              icmp    8
ACCEPT          loc             dmz             icmp    8
ACCEPT          dmz             loc             icmp    8
ACCEPT          dmz             net             icmp    8
ACCEPT          fw              loc             icmp    8
ACCEPT          fw              dmz             icmp    8
ACCEPT          net             dmz             icmp    8

loc             net             ACCEPT
loc             fw              ACCEPT
loc             loc             ACCEPT
# If you want open access to the Internet from your Firewall
# remove the comment from the following line.
fw              net             ACCEPT
fw              dmz             ACCEPT
fw              loc             ACCEPT
# Also If You Wish To Open Up DMZ Access To The Internet
# remove the comment from the following line.
dmz             net             ACCEPT
dmz             fw              ACCEPT
dmz             loc             ACCEPT
net             all             DROP            info
all             all             REJECT          info


Can anyone tell me what I am doing wrong?


Thank you.
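To reason about a Shorewall setup like the one in the post, it helps to know which line of the rules file or the policy file actually decides each hop (browser to squid on the firewall, squid on the firewall to the DMZ web server, and so on). The evaluator below is an added example, not Shorewall's own code and not from the poster; it models only the first-match ordering Shorewall uses (rules in file order first, then the first matching policy) for the two file layouts shown above. The sample rules and policy text are constructed from the post, with the truncated `dmz:` destination left as it appears there, and the small service-name table stands in for `/etc/services`.

```python
"""Constructed example (not Shorewall code): a first-match evaluator for the
/etc/shorewall/rules and /etc/shorewall/policy layouts used in the post,
showing which line governs a given (source zone, dest zone, proto, port) flow."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Stand-in for /etc/services; only the names used in the sample appear here.
SERVICE_PORTS = {"www": 80, "http": 80, "https": 443, "ssh": 22, "domain": 53}

# Sample input constructed from the post above (comments and ICMP rules trimmed).
RULES = """
REDIRECT        loc             8080            tcp     www     -  -
DNAT            net             dmz:            tcp     3000    -
DNAT            loc             dmz:            tcp     3000    -
ACCEPT          fw              net             tcp     53
ACCEPT          fw              net             udp     53
ACCEPT          loc             fw              tcp     22
ACCEPT          dmz             net             tcp     53
ACCEPT          dmz             net             udp     53
ACCEPT          loc             dmz             icmp    8
"""

POLICY = """
loc             net             ACCEPT
loc             fw              ACCEPT
loc             loc             ACCEPT
fw              net             ACCEPT
fw              dmz             ACCEPT
fw              loc             ACCEPT
dmz             net             ACCEPT
dmz             fw              ACCEPT
dmz             loc             ACCEPT
net             all             DROP            info
all             all             REJECT          info
"""


@dataclass
class Rule:
    action: str
    src: str
    dst: str             # "-" means any destination zone (used for REDIRECT)
    proto: str           # "-" means any protocol
    dport: Optional[int]  # None means any destination port
    text: str            # normalised copy of the source line, for reporting


@dataclass
class Policy:
    src: str
    dst: str
    action: str
    text: str


def _port(field: str) -> Optional[int]:
    """Map a DEST PORT column to an int; '-' means unrestricted."""
    if field in ("-", ""):
        return None
    return int(field) if field.isdigit() else SERVICE_PORTS[field]


def _clean(raw: str) -> str:
    """Strip a trailing comment and collapse whitespace; '' for blank lines."""
    return " ".join(raw.split("#", 1)[0].split())


def parse_rules(text: str) -> List[Rule]:
    rules = []
    for raw in text.splitlines():
        line = _clean(raw)
        if not line:
            continue
        cols = line.split() + ["-"] * 5          # pad missing trailing columns
        action, src, dst, proto, dport = cols[:5]
        if action.startswith("REDIRECT"):
            # For REDIRECT the DEST column is the firewall port the traffic is
            # sent to; the packet's original destination zone is not restricted.
            dst = "-"
        else:
            dst = dst.split(":", 1)[0]            # "dmz:10.0.0.1" -> "dmz"
        rules.append(Rule(action, src, dst, proto.lower(), _port(dport), line))
    return rules


def parse_policy(text: str) -> List[Policy]:
    policies = []
    for raw in text.splitlines():
        line = _clean(raw)
        if line:
            src, dst, action = line.split()[:3]  # LOG LEVEL column is optional
            policies.append(Policy(src, dst, action, line))
    return policies


def evaluate(rules: List[Rule], policies: List[Policy],
             src: str, dst: str, proto: str, dport: int) -> Tuple[str, str]:
    """Return ('rule', line) for the first matching rule, else ('policy', line)
    for the first matching policy, mirroring Shorewall's file-order semantics."""
    for r in rules:
        if (r.src in (src, "all") and r.dst in (dst, "-", "all")
                and r.proto in (proto, "-", "all")
                and (r.dport is None or r.dport == dport)):
            return ("rule", r.text)
    for p in policies:
        if p.src in (src, "all") and p.dst in (dst, "all"):
            return ("policy", p.text)
    return ("policy", "none (Shorewall requires an all/all policy)")


_RULES = parse_rules(RULES)
_POLICIES = parse_policy(POLICY)


def decide(src: str, dst: str, proto: str, dport: int) -> Tuple[str, str]:
    """Evaluate a flow against the sample rules and policy from the post."""
    return evaluate(_RULES, _POLICIES, src, dst, proto, dport)


if __name__ == "__main__":
    for flow in [("loc", "dmz", "tcp", 80), ("fw", "dmz", "tcp", 80),
                 ("loc", "dmz", "tcp", 443), ("net", "dmz", "tcp", 3000)]:
        print(flow, "->", decide(*flow))
```

Running the block shows that any tcp/80 flow from loc, whatever its destination, is claimed by the REDIRECT line, and the follow-on connection that squid makes from the firewall into the DMZ is decided by the `fw dmz ACCEPT` policy rather than by any rule. It also shows that the policy file in the post has no `loc dmz` entry, so a loc-to-dmz flow that no rule matches (tcp/443, for instance) falls through to the final `all all REJECT` line.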



