[Shorewall-users] Reach dmz host from within dmz zone with public ip address

2021-10-26 Thread Nicola Ferrari (#554252)
Hi all! Our shorewall is configured with a separate interface and zone for dmz hosts.

$ zones
fw firewall
net ipv4
loc ipv4
dmz ipv4

$ interfaces
net eth0 detect tcpflags,nosmurfs,routefilter,optional
loc eth1 detect routeback,dhcp,tc

Re: [Shorewall-users] Reach dmz host from within dmz zone with public ip address

2021-10-26 Thread Tuomo Soini
On Tue, 26 Oct 2021 07:49:25 + "Nicola Ferrari (#554252)" wrote:

> We can reach webserver without any issue using public ip 1.2.3.4 from
> loc and net zone, but not from dmz itself.
> (Connection goes timeout)
>
> Also, dmz host can surf any other net host, except from its own
> public ip a

Re: [Shorewall-users] Reach dmz host from within dmz zone with public ip address

2021-10-26 Thread Nicola Ferrari (#554252)
On 26/10/2021 10:43, Tuomo Soini wrote:

> Because you likely have limited number of servers in dmz, you can give
> your names proper internal addresses by setting their real (not public)
> addresses in /etc/hosts on all servers so that packets won't go to
> firewall.

Yeah, could be a solution, but, I e

Re: [Shorewall-users] Reach dmz host from within dmz zone with public ip address

2021-10-26 Thread Nicola Ferrari (#554252)
On 26/10/2021 11:48, Nicola Ferrari (#554252) wrote:

> On 26/10/2021 10:43, Tuomo Soini wrote:
>
>> Because you likely have limited number of servers in dmz, you can give
>> your names proper internal addresses by setting their real (not public)
>> addresses in /etc/hosts on all servers so that packets won't