On 11/20/2017 09:27 AM, Colony.three via Shorewall-users wrote: > >> Are you sure this isn't working. I can connect to the firewall's >> external IP on port 80 and I get the Quantum Equities web site. >> >> -Tom >> >> >> _______________________________________________ >> > > Hm, that's odd. My remote OpenStack instance is CentOS Minimal so no > GUI. I have to use curl to test, and it times out. nc also times out. > This is from a VM at Internap, which I ssh in to from my LAN. No dmesg > errors anywhere. The shorewall counter increments to 2 immediately on > clear, but never increments on curl nor nc from Internap.
Well -- I can browse quantum-equities.com from my local LAN just fine. > > And from inside my LAN I can't pull up quantum-equities.com. (LAN > laptop==>routerSNAT==>internet/50.35.109.212 > <http://50.35.109.212>==>routerNATxxx) > > You mention several times in the docs that accessing it from inside > doesn't work, but I don't understand the dynamics. I should be able to > pull up this domain name from inside the LAN through the router's > external interface, as a regular website shouldn't I? From inside the LAN connected to the Shorewall system, you must also use DNAT if you want to access DMZ servers via the firewall external IP: DNAT loc dmz tcp 80 - 50.35.109.212 or Web(DNAT) loc dmz - - - 50.35.109.122 The latter also DNATs port 443 which apparently isn't being used on the Quantum website. -Tom -- Tom Eastep \ Q: What do you get when you cross a mobster with Shoreline, \ an international standard? Washington, USA \ A: Someone who makes you an offer you can't http://shorewall.org \ understand \_______________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users