Re: RESOLVED [leaf-user] Shorewall policies symmetric, but web page results are not.

Wed, 13 Apr 2005 06:28:41 -0700 

Rick,

Do tell.  "Documentation" might keep some other guy from pulling all his
hair out.

Tibbs, Richard wrote:
> Sorry list,
> It turned out to be a bind configuration error.
> Rick.
> 
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Tibbs,
> Richard
> Sent: Monday, April 11, 2005 2:16 PM
> To: leaf-user
> Subject: [leaf-user] Shorewall policies symmetric, but web page results
> are not.
> 
> 
> Dear List:
> I have the following configuration
> SLAX internal <--------------> Bering 1.2 <-----------> SLAX external   
> 192.168.10.1        192.168.10.254  192.168.1.254     192.168.1.1  dns 
> 192.168.10.2
> 192.168.1.2 www
> 
> each SLAX machine is configured to bring up bind for dns at IP addresses
> 
> 192.168.10.1 (internal) and 192.168.1.1 (external) resp.
> In addition there is a web server running on 192.168.10.2 (internal) and
> 192.168.1.2 (external).
> 
> The symptom is that external can only load it's own web page
> (extexample.com) whereas internal can load both intexample.com and
> extexample.com.
> Until I add a default route on eth0 (external interface) 
>     gateway 192.168.1.1
> external cannot load internal's web page.
> Why would this be necessary?
> 
> Each SLAX machine is given a default route to the Bering IP on the
> respective side of the fw.
> Shorewall log shows no drops, but
> Shorewall policy is
> loc net ACCEPT
> net loc ACCEPT
> fw  net ACCEPT
> fw  loc ACCPT
> net all DROP ULOG
> all all REJECT ULOG.
> 
> 
> 
> 
> -------------------------------------------------------
> SF email is sponsored by - The IT Product Guide
> Read honest & candid reviews on hundreds of IT Products from real users.
> Discover which products truly live up to the hype. Start reading now.
> http://ads.osdn.com/?ad_ide95&alloc_id396&op=ick
> ------------------------------------------------------------------------
> leaf-user mailing list: leaf-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/leaf-user
> SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
> 
> 
> -------------------------------------------------------
> SF email is sponsored by - The IT Product Guide
> Read honest & candid reviews on hundreds of IT Products from real users.
> Discover which products truly live up to the hype. Start reading now.
> http://ads.osdn.com/?ad_ide95&alloc_id396&op=click
> ------------------------------------------------------------------------
> leaf-user mailing list: leaf-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/leaf-user
> SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
> 


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
------------------------------------------------------------------------
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Reply via email to