Thank you for clarifying that there is no direct link between the two nets. However, I am assuming that the web server and the firewall have to be able to 'talk', and I am not able to ping from the server to the firewall and vice versa. Also, when I point my web browser to the external IP address I get denies in the output log. When I try to connect to 64.171.17.147 I get:

Feb 21 23:42:33 firewall kernel: Packet log: output DENY eth0 PROTO=6 192.168.1.2:49753 192.168.2.1:80 L=48 S=0x00 I=32564 F=0x4000 T=254 SYN (#8)

Any help would be appreciated. I know that I have something misconfigured but I just can't see what it is.

Any help is much appreciated,
Robert
>OK, you do know that by default you can't access a DMZ server
>from the internal network or vice versa. This is the reasoning used
>for a proper DMZ in any case. The IP spoofing rules prevent this. One
>way of doing this would be to build a route to and from the DMZ
>and internal networks, but this really isn't a lot safer than simply
>running the DMZ machine on the internal network itself. Another
>option that I remember being discussed a year or two ago is to add
>another firewall between the DMZ and the internal net and set up
>a "safer" route to the internal network.
>
>I hope this helps ;)
>--
>
>~Lynn Avants
>aka Guitarlynn
>
>guitarlynn at users.sourceforge.net
>http://leaf.sourceforge.net
>
>If linux isn't the answer, you've probably got the wrong question!

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
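A small parser for the ipchains-style "Packet log:" line quoted in Robert's message, added here as an example (it is not code from the thread or from the LEAF project). It assumes 192.168.1.0/24 is the internal LAN and 192.168.2.0/24 is the DMZ, which the page does not state, and picks out the DENY entries that try to cross between the two nets, which is exactly the separation the reply says the spoofing rules enforce by default.

```python
import ipaddress
import re

# Which net is which is assumed from the addresses in the quoted log line; the page does not say.
INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")
DMZ_NET = ipaddress.ip_network("192.168.2.0/24")

# ipchains "Packet log:" layout: chain verdict iface PROTO= src:sport dst:dport L= S= I= F= T= [flags] (#rule)
PACKET_LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<verdict>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9a-fA-F]+) I=(?P<ident>\d+) "
    r"F=(?P<frag>0x[0-9a-fA-F]+) T=(?P<ttl>\d+)(?P<flags>(?: [A-Z]+)*) \(#(?P<rule>\d+)\)"
)
INT_FIELDS = ("proto", "sport", "dport", "length", "ident", "ttl", "rule")

def parse_packet_log(line):
    """Parse one syslog line into a dict; return None if it is not an ipchains Packet log entry."""
    m = PACKET_LOG_RE.search(line)
    if not m:
        return None
    entry = {k: int(v) if k in INT_FIELDS else v for k, v in m.groupdict().items()}
    entry["flags"] = entry["flags"].split()  # e.g. ["SYN"]; empty when the kernel logged no flags
    return entry

def crossing(entry):
    """Label which way a packet crosses the internal/DMZ boundary the reply says is closed by default."""
    src, dst = ipaddress.ip_address(entry["src"]), ipaddress.ip_address(entry["dst"])
    if src in INTERNAL_NET and dst in DMZ_NET:
        return "internal->dmz"
    if src in DMZ_NET and dst in INTERNAL_NET:
        return "dmz->internal"
    return "other"

def denied_crossings(lines):
    """Return (direction, entry) for every DENY/REJECT that tried to cross between the two nets."""
    entries = (parse_packet_log(line) for line in lines)
    return [(crossing(e), e) for e in entries
            if e and e["verdict"] in ("DENY", "REJECT") and crossing(e) != "other"]

# Constructed sample: the first line is the one quoted above; the other two are made up for illustration.
SAMPLE_LOG = [
    "Feb 21 23:42:33 firewall kernel: Packet log: output DENY eth0 PROTO=6 192.168.1.2:49753 "
    "192.168.2.1:80 L=48 S=0x00 I=32564 F=0x4000 T=254 SYN (#8)",
    "Feb 21 23:42:40 firewall kernel: Packet log: input ACCEPT eth1 PROTO=17 192.168.1.2:1025 "
    "192.168.1.1:53 L=60 S=0x00 I=1 F=0x0000 T=64 (#3)",
    "Feb 21 23:42:41 firewall kernel: Packet log: input DENY eth2 PROTO=6 192.168.2.1:1234 "
    "192.168.1.2:22 L=48 S=0x00 I=2 F=0x4000 T=64 SYN (#5)",
]
```

Run `denied_crossings(SAMPLE_LOG)` over a real /var/log/messages and every hit is a connection the spoofing rules killed at the internal/DMZ boundary, which is the first thing to check before deciding whether a route between the nets is wanted at all.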