On 05/06/2010 06:50 AM, Olivier Bourdon wrote:
>
> I do not own the Firewalls (int-FW and ext-FW) but rules have been
> configured properly as:
>
> the packet never makes it to int-machine (empty tcpdump output)
> tcpdump on dmz-machine only shows incoming traffic and no other traffic
> not even on lo interface :-(
>
> Does someone have a clue on what is wrong or if it is possible at all
>

For this to work:

a) int-FW must accept port1 traffic from dmz-machine -> int-machine; and
b) You must apply the miserable hack in Shorewall FAQ 1g on dmz-machine (where that FAQ refers to 'public address', just use the address of the machine's only NIC).

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
