Charles Steinkuehler wrote: > > > > > PS: The packets seems to be denied by that rule: > > > > $IPCH -A forward -j DENY -p all -s 0/0 -d 0/0 > > Well, you're going to have to provide a bit more in the way of detail. Your > network.conf file and the output of 'svi network ipfilter list' would be a > good start...
Hi Charles! I found out why it didn't work (a clear case where I should have rtfm I guess...). Since I knew which rule was denying the packets I decided to activate the logging of that rule and found out that the problem was not in accessing the DMZ but in getting a reply from it (ie the source address of the denied packets was in the DMZ and the destination in the internal network). Turns out that when I made the switch from the normal scripts to the extended scripts I defined the "server" as intern and not DMZ... Thanks anyway... Nick PS: There is one thing though which I'm not sure whether it's normal or not... When I access the DMZ from a pc in the internal network using its internal dmz ip number the request (on the dmz "server") seems to come from the dmz interface but if I access it from the public IP address assigned to my external interface the request is logged as coming from the ACTUAL IP address of my pc in the internal network. Is it supposed to behave that way or do I still have something misconfigured DMZ-wise? _______________________________________________ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
