On Fri, Nov 17, 2006, Dusan Vejnovic wrote:
> Subject: [Vserver] Shorewall problems
> [...]
> I have two NICs, one for internal and one for external use. For the firewall I
> use shorewall. I set up a vserver for the web server. And my problem: I can
> access my web server from my internal network. But when I connect from
> outside there is no response from the web vserver.
> [...]
> Please help!!!
>
> ----------------------------------------------------
> My configuration of shorewall.
> [...]

Please add ":info" to the web vserver related DNAT rules and verify in the logs
(using grep and filtering on the vserver IP) that there is no DROP according to
your policy file (net -> dmz).

Try to replace:

    DNAT net dmz:192.168.0.35 tcp 80
    DNAT net dmz:192.168.0.35 tcp 443

With:

    DNAT:info net dmz:192.168.0.35 tcp 80 - 89.x.x.x
    DNAT:info net dmz:192.168.0.35 tcp 443 - 89.x.x.x

Why do you add UDP rules for WWW (80/443), WWW proxy (3128) and SSH (22)?
All of these protocols are TCP ones...

Regards,
Val.
--
 .''`.
: :' :   Laurent Vallar - aka Val - Network & System Staff Engineer
`. `'    GPG Key: 1024D/C4F38417 - http://www.zbla.net
  `-
_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Received on Mon Nov 20 13:52:24 2006
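
The log check suggested in the reply above, as an added example (not part of the original message or of Shorewall itself): it groups Shorewall log entries by chain, disposition and destination port for packets whose DST= is exactly the vserver address, which a plain grep on the IP cannot separate from packets sent by the vserver. It assumes Shorewall's default LOGFORMAT; the function names, the log lines and the address 198.51.100.10 (a placeholder for the elided 89.x.x.x) are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumes the default LOGFORMAT "Shorewall:%s:%s:", so kernel
# lines carry "Shorewall:<chain>:<disposition>:" directly before IN=.

# Constructed sample log. 198.51.100.10 stands in for the external address
# (elided as 89.x.x.x in the thread); 203.0.113.7 is a made-up client.
sample_log() {
    cat <<'EOF'
Nov 20 13:40:01 fw kernel: Shorewall:net_dnat:DNAT:IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 LEN=60 PROTO=TCP SPT=40000 DPT=80
Nov 20 13:40:01 fw kernel: Shorewall:net2dmz:DROP:IN=eth0 OUT=eth1 SRC=203.0.113.7 DST=192.168.0.35 LEN=60 PROTO=TCP SPT=40000 DPT=80
Nov 20 13:40:04 fw kernel: Shorewall:net2dmz:DROP:IN=eth0 OUT=eth1 SRC=203.0.113.7 DST=192.168.0.35 LEN=60 PROTO=TCP SPT=40000 DPT=80
Nov 20 13:41:10 fw kernel: Shorewall:dmz2net:REJECT:IN=eth1 OUT=eth0 SRC=192.168.0.35 DST=203.0.113.7 LEN=60 PROTO=TCP SPT=33000 DPT=25
EOF
}

# summarize_vserver_log IP: read log lines on stdin and print
# "count chain disposition dport" for entries whose DST= is exactly IP.
summarize_vserver_log() {
    awk -v ip="$1" '
    {
        chain = ""; disp = ""; dst = ""; dpt = "-"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^Shorewall:/) {
                # Prefix and IN= share one token: Shorewall:net2dmz:DROP:IN=eth0
                split($i, p, ":"); chain = p[2]; disp = p[3]
            } else if ($i ~ /^DST=/ && dst == "") {
                dst = substr($i, 5)   # first DST only (ICMP lines repeat it)
            } else if ($i ~ /^DPT=/ && dpt == "-") {
                dpt = substr($i, 5)
            }
        }
        # Exact DST match: skips traffic sent *by* the vserver (SRC=ip).
        if (chain != "" && dst == ip) seen[chain " " disp " " dpt]++
    }
    END { for (k in seen) print seen[k], k }' | sort -k2
}

# has_drop IP: succeed if any entry destined to IP was logged as DROP or REJECT.
has_drop() {
    summarize_vserver_log "$1" |
        awk '$3 == "DROP" || $3 == "REJECT" { f = 1 } END { exit !f }'
}

# Demo on the constructed sample; on a real firewall feed the kernel log instead.
sample_log | summarize_vserver_log 192.168.0.35
```

On a live system the same functions can read the file your syslog writes kernel messages to; entries logged in the nat table show the pre-translation destination, so check the external address as well as the vserver IP.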