[Shorewall-users] cannot view internal webs

Javier Pardo jpardo at alerce.es
Tue Mar 23 08:57:51 PST 2004


Hello, I have installed Shorewall 2.0b with three interfaces and a squid
proxy.

Also, I have an internal DNS server running on the same server where I have my
web page.

Connections from the internet can view my web pages, but my internal users
cannot if I configure the browser to use squid. Without squid everything is OK.

 

Here is my shorewall configuration:

/etc/shorewall/rules:

REDIRECT        loc             8080            tcp     www     -       -
DNAT            net             dmz:192.168.1.136       tcp     3000    -       -
DNAT            loc             dmz:192.168.1.136       tcp     3000    -       -
#       Accept DNS connections from the firewall to the Internet
#
ACCEPT          fw              net             tcp     53
ACCEPT          fw              net             udp     53
#       Accept SSH connections from the local network to the firewall and DMZ
#
ACCEPT          loc             fw              tcp     22
#ACCEPT         loc             dmz             tcp     22
#
#       DMZ DNS access to the Internet
#
ACCEPT          dmz             net             tcp     53
ACCEPT          dmz             net             udp     53
#
#       Make ping work bi-directionally between the dmz, net, Firewall and local zone
#       (assumes that the loc-> net policy is ACCEPT).
#
ACCEPT          net             fw              icmp    8
ACCEPT          loc             fw              icmp    8
ACCEPT          dmz             fw              icmp    8
ACCEPT          loc             dmz             icmp    8
ACCEPT          dmz             loc             icmp    8
ACCEPT          dmz             net             icmp    8
ACCEPT          fw              loc             icmp    8
ACCEPT          fw              dmz             icmp    8
ACCEPT          net             dmz             icmp    8


/etc/shorewall/policy:

loc             net             ACCEPT
loc             fw              ACCEPT
loc             loc             ACCEPT
# If you want open access to the Internet from your Firewall
# remove the comment from the following line.
fw              net             ACCEPT
fw              dmz             ACCEPT
fw              loc             ACCEPT
# Also If You Wish To Open Up DMZ Access To The Internet
# remove the comment from the following line.
dmz             net             ACCEPT
dmz             fw              ACCEPT
dmz             loc             ACCEPT
net             all             DROP            info
all             all             REJECT          info


Can anyone tell me what I am doing wrong?

Thank you.
