> I have been using DS cd 1.02 since it came out and I have had no problems. Today I endeavored to put in a webserver on a private DMZ. It is obvious that I am now exceeding my knowledge of this subject. My private net still works but I can't get the dmz to go. I think that the new card is working as it blinks when I ping but who knows... I am sure that I have something wrong as I get denied www packets in the output log but I don't know where I went wrong. I have included everything I can think of including the output of a debug script I wrote a while back. I really didn't think that *I* would need it. I have one static IP so I am using a PRIVATE DMZ. In short I have made these changes to /etc/network.conf.

It looks like everything is pretty much configured correctly. Your problem seems to be that packets headed for your DMZ webserver (192.168.2.1) are routed out eth0, not eth2, and are being denied by the generic outbound garbage filter. I almost didn't spot the reason, but it's pretty obvious once found:

> eth2_IPADDR=192.164.2.254

That should be *168*, not *164*. This is why your setup is acting odd, and why the DMZ system seems disconnected from the world (because it is!).

The only other thing I noticed is you're opening the www port twice:

> # Indexed list: "SrcAddr/Mask port [ DestAddr[/DestMask] ]"
> #EXTERN_TCP_PORT0="5.6.7.8 domain 1.1.1.12"
> EXTERN_TCP_PORT1="0/0 www"
> EXTERN_TCP_PORT0="0/0 www"

The PORT0 and PORT1 definitions are identical...no real harm here (it just creates duplicate allow rules), but you really only need PORT0 defined...

NOTE: You should be able to see the machines in the DMZ network from your internal network, but it doesn't work the other way around...the internal network is masqueraded to the DMZ network, just like the internal network gets masqueraded to the internet. You can make outgoing connections from the internal net, but connections inbound from either the internet at large or from the DMZ network are not allowed by default. You can also access any port-forwarded public services using the public IP, very handy if you're running a web server and want to access it by domain name...access other services using the 192.168.2.xx IP address...

Hope you get going!

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
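
An added example, not part of the original message or of the LEAF/Dachstein scripts: a small audit that catches both problems discussed above before the firewall is restarted. It assumes shell-style `NAME=value` lines as quoted in the thread, a /24 DMZ netmask (not stated in the thread), and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in the style of the /etc/network.conf lines quoted in the thread.
SAMPLE_CONF = '''\
eth2_IPADDR=192.164.2.254
#EXTERN_TCP_PORT0="5.6.7.8 domain 1.1.1.12"
EXTERN_TCP_PORT1="0/0 www"
EXTERN_TCP_PORT0="0/0 www"
'''

ASSIGN = re.compile(r'^\s*([A-Za-z_][A-Za-z0-9_]*)=(.*)$')

def parse_conf(text):
    """Return [(name, value)] for uncommented shell-style assignments."""
    pairs = []
    for line in text.splitlines():
        if line.lstrip().startswith('#'):
            continue
        m = ASSIGN.match(line)
        if m:
            pairs.append((m.group(1), m.group(2).strip().strip('"\'')))
    return pairs

def audit(text, dmz_host, iface_var="eth2_IPADDR", prefix_len=24):
    """Flag a DMZ interface address whose network does not contain dmz_host,
    and indexed EXTERN_TCP_PORTn entries that repeat the same rule.
    prefix_len is an assumption; the thread does not state the netmask."""
    findings, seen = [], {}
    host = ipaddress.ip_address(dmz_host)
    for name, value in parse_conf(text):
        if name == iface_var:
            try:
                net = ipaddress.ip_interface(f"{value}/{prefix_len}").network
            except ValueError:
                findings.append(f"{name}: '{value}' is not a valid address")
                continue
            if host not in net:
                findings.append(f"{name}={value}: {dmz_host} is outside {net}, "
                                "so packets for it will not leave via this interface")
        elif re.fullmatch(r'EXTERN_TCP_PORT\d+', name):
            key = ' '.join(value.split())   # normalise whitespace before comparing
            if key in seen:
                findings.append(f'{name} duplicates {seen[key]}: "{key}"')
            else:
                seen[key] = name
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF, "192.168.2.1"):
        print(finding)
```
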
