Tom Eastep <[EMAIL PROTECTED]> wrote:
 | mess-mate wrote:
 ...snip...
 | Ok -- it looks like you have configured DNAT so that hosts in your local
 | network (connected to eth1) will have TCP connections to 86.192.32.248:80
 | redirected to 192.168.20.1 (which is in your DMZ connected to eth2). But in
 | the day and a half since you last [re]started Shorewall, not even one TCP
 | connection to 86.192.32.248:80 has arrived on eth1!

Uhh..you mean eth2 ? ( dmz on eth2)

 | How are you trying to test this? You can't test it from the router itself --
 | you must test from a system behind the router that has its default gateway
 | configured with IP address 192.168.10.254.
 |
 | And start by trying to browse http://86.192.32.248/ rather than by DNS name.

Trying both http://86.192.32.248 and http://www.mywebsite.fr from a
desktop behind the firewall/router gives me
'Connection to 86.192.32.248 Failed'

 | > Shorewall-3.2.6 Dump at router - Mon Mar 26 11:00:29 CEST 2007
 |
 | > Counters reset Sat Mar 24 17:15:49 CET 2007
 | > Chain loc2dmz (1 references)
 | >  pkts bytes target     prot opt in     out     source               destination
 | >     0     0 ACCEPT     0    --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
 | >     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22
 | >     0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8
 | >     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.20.1        tcp dpt:80 ctorigdst 86.192.32.248
 |
 | When you try to browse http://86.192.32.248/, you should see the 'pkts' and
 | 'bytes' counts above incrementing.

Didn't change.

 | >     0     0 ACCEPT     0    --  *      *       0.0.0.0/0            0.0.0.0/0
 | >
 | > NAT Table
 | >
 | > Chain PREROUTING (policy ACCEPT 117K packets, 33M bytes)
 | >  pkts bytes target     prot opt in     out     source               destination
 | >  1922  280K net_dnat   0    --  ppp0   *       0.0.0.0/0            0.0.0.0/0           policy match dir in pol none
 | >  115K   32M loc_dnat   0    --  eth1   *       0.0.0.0/0            0.0.0.0/0           policy match dir in pol none
 |
 | > Chain loc_dnat (1 references)
 | >  pkts bytes target     prot opt in     out     source               destination
 | >     0     0 DNAT       tcp  --  *      *       0.0.0.0/0            86.192.32.248       tcp dpt:80 to:192.168.20.1
 |
 | When you try to browse http://86.192.32.248/, you should see the 'pkts' and
 | 'bytes' counts above incrementing.

Yes, it does. Someone accessed my website at 18.01.
So it works from outside, not from inside except a http://192.168.20.1/

mess-mate
--
Q: What is orange and goes "click, click?"
A: A ball point carrot.
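
The counter check discussed in this message (do the 'pkts' counts on the loc_dnat and loc2dmz rules increment during a test from a LAN host?) can be done by diffing two dumps. This is an added example, not part of the original thread or of Shorewall; the function names are hypothetical and the sample dumps are constructed from the rule lines quoted above with made-up counts.

```python
import re

CHAIN = re.compile(r"^Chain (\S+) \(")
RULE = re.compile(r"^(\d+[KMG]?)\s+(\d+[KMG]?)\s+\S+")
UNITS = {"K": 1000, "M": 1000**2, "G": 1000**3}

def to_int(field):
    # iptables -v abbreviates large counters with K/M/G (powers of 1000).
    return int(field[:-1]) * UNITS[field[-1]] if field[-1] in UNITS else int(field)

def parse(dump):
    """Map (chain, rule position) -> (pkts, rule text) for each rule line."""
    rules, chain, pos = {}, None, 0
    for raw in dump.splitlines():
        line = raw.strip()
        m = CHAIN.match(line)
        if m:
            chain, pos = m.group(1), 0
        elif chain and RULE.match(line):
            pos += 1
            fields = line.split()
            rules[(chain, pos)] = (to_int(fields[0]), " ".join(fields[2:]))
    return rules

def changed(before, after):
    """Rules whose packet counter grew between two dumps of the same ruleset."""
    b, a = parse(before), parse(after)
    return [(chain, pos, a[(chain, pos)][0] - pkts, text)
            for (chain, pos), (pkts, text) in b.items()
            if (chain, pos) in a and a[(chain, pos)][0] > pkts]

# Constructed sample dumps: rule text taken from the thread, counts made up.
BEFORE = """\
Chain loc2dmz (1 references)
0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.20.1 tcp dpt:80 ctorigdst 86.192.32.248
Chain loc_dnat (1 references)
0 0 DNAT tcp -- * * 0.0.0.0/0 86.192.32.248 tcp dpt:80 to:192.168.20.1
"""
AFTER = """\
Chain loc2dmz (1 references)
4 520 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
1 60 ACCEPT tcp -- * * 0.0.0.0/0 192.168.20.1 tcp dpt:80 ctorigdst 86.192.32.248
Chain loc_dnat (1 references)
1 60 DNAT tcp -- * * 0.0.0.0/0 86.192.32.248 tcp dpt:80 to:192.168.20.1
"""
if __name__ == "__main__":
    for chain, pos, delta, text in changed(BEFORE, AFTER):
        print(f"{chain} rule {pos}: +{delta} pkts  {text}")
```

Abbreviated counters such as the 115K on the loc_dnat jump hide small increments, so take both snapshots with exact counters (`iptables -L -n -v -x`, adding `-t nat` for the NAT chains) when feeding real output to this check.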