Hi,
maybe there is something wrong with my three-interface configuration.
I followed http://www.shorewall.net/three-interface.htm, Figure 3 DMZ.
I can access the firewall/router from the DMZ and the loc but can't
access those machines FROM the firewall/router with an https
connection.
An https://machine1:10000 from the firewall/router gives me
'Error - Access denied for 192.168.10.254'

here is my ifconfig:

eth0      Link encap:Ethernet  HWaddr 00:06:29:34:4C:40
inet addr:192.168.1.1  Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::206:29ff:fe34:4c40/64 Scope:Link
UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
RX packets:797302 errors:0 dropped:0 overruns:0 frame:0
TX packets:690141 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:491529654 (468.7 MiB)  TX bytes:76357668 (72.8 MiB)

eth1      Link encap:Ethernet  HWaddr 00:50:BA:F1:65:2F
inet addr:192.168.10.254  Bcast:192.168.10.255 Mask:255.255.255.0
inet6 addr: fe80::250:baff:fef1:652f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
RX packets:1086119 errors:0 dropped:0 overruns:0 frame:86
TX packets:760060 errors:0 dropped:0 overruns:0 carrier:0
collisions:29655 txqueuelen:1000
RX bytes:242628796 (231.3 MiB)  TX bytes:410624341 (391.6 MiB)
Interrupt:6 Base address:0x7400
          
eth2      Link encap:Ethernet  HWaddr 00:A0:CC:3F:48:3E
inet addr:192.168.20.254  Bcast:192.168.20.255 Mask:255.255.255.0
inet6 addr: fe80::2a0:ccff:fe3f:483e/64 Scope:Link
UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
RX packets:45453 errors:1 dropped:0 overruns:0 frame:0
TX packets:49112 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:14544376 (13.8 MiB)  TX bytes:36323759 (34.6 MiB)
Interrupt:6 Base address:0x7800
          
lo        Link encap:Local Loopback
inet addr:127.0.0.1  Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING  MTU:16436  Metric:1
RX packets:113966 errors:0 dropped:0 overruns:0 frame:0
TX packets:113966 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:61524487 (58.6 MiB) TX bytes:61524487 (58.6 MiB)

ppp0      Link encap:Point-to-Point Protocol
inet addr:86.192.34.35  P-t-P:193.253.160.3 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
RX packets:17857 errors:0 dropped:0 overruns:0 frame:0
TX packets:16945 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:7630093 (7.2 MiB)  TX bytes:2081788 (1.9 MiB)

And this is a 'route' from machine1:
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.10.0    *               255.255.255.0   U     0      0        0 eth0
default         192.168.10.254  0.0.0.0         UG    0      0        0 eth0

All goes well when I do a http://machine1 or a ssh or whatever
from the router/firewall; only that https won't work.
Https seems closed from the net.


mess-mate                               
-- 

Repartee is something we think of twenty-four hours too late.
                -- Mark Twain

