Re: [Vserver] Shorewall problems

From: Herbert Poetzl <herbert_at_13thfloor.at>
Date: Mon 20 Nov 2006 - 17:47:44 GMT
Message-ID: <20061120174744.GD20079@MAIL.13thfloor.at>

On Mon, Nov 20, 2006 at 02:01:45PM +0100, Dusan Vejnovic wrote:
> Hi!!! I have two NICs, one for internal and one for external use. For
> the firewall I use Shorewall. I set up a vserver for the web server. And my
> problem: I can access my web server from my internal network. But when
> I connect from outside there is no response from the web vserver.

see previous reply :)

> Please help!!!
>
> ----------------------------------------------------
> My configuration of shorewall.
> eth0: internal network (loc, dmz)
> eth1: external network (net)
>
> - interfaces
> - eth0
> net eth1 detect tcpflags,dhcp,routefilter,norfc1918,nosmurfs,logmartians
> - zones
> fw firewall
> net ipv4
> loc ipv4
> dmz ipv4
>
> - policy
> loc net ACCEPT
> loc dmz ACCEPT
> loc $FW REJECT info
> loc all REJECT info
> $FW net ACCEPT
> $FW dmz REJECT info
> $FW loc REJECT info
> $FW all REJECT info
> dmz net ACCEPT
> dmz $FW REJECT info
> dmz loc REJECT info
> dmz all REJECT info
> net dmz DROP info
> net $FW DROP info
> net loc DROP info
> net all DROP info
> all all REJECT info
>
> - masq
> eth1 eth0 89.x.x.x
>
> - hosts
> loc eth0:192.168.0.1-192.168.0.19,192.168.0.100-192.168.0.150 routeback,tcpflags
> dmz eth0:192.168.0.20-192.168.0.99,192.168.0.151-192.168.0.253 routeback,tcpflags
>
> - rules
> ACCEPT $FW net tcp 53
> ACCEPT $FW net udp 53
> ACCEPT net $FW tcp 53
> ACCEPT net $FW udp 53
> ACCEPT loc $FW tcp 53
> ACCEPT loc $FW udp 53
> ACCEPT dmz net tcp 53
> ACCEPT dmz net udp 53
> ACCEPT dmz $FW tcp 53
> ACCEPT dmz $FW udp 53
> ACCEPT loc $FW tcp 22
> ACCEPT loc $FW udp 22
> ACCEPT loc dmz tcp 22
> ACCEPT loc dmz udp 22
> DNAT loc dmz:192.168.0.35 tcp 80 - 89.x.x.x
> DNAT loc dmz:192.168.0.35 udp 80 - 89.x.x.x
> DNAT loc dmz:192.168.0.35 tcp 443 - 89.x.x.x
> DNAT loc dmz:192.168.0.35 udp 443 - 89.x.x.x
> DNAT net dmz:192.168.0.35 tcp 80
> DNAT net dmz:192.168.0.35 udp 80
> DNAT net dmz:192.168.0.35 tcp 443
> DNAT net dmz:192.168.0.35 udp 443
> REDIRECT loc 3128 tcp 80 - !192.168.0.35
> REDIRECT loc 3128 udp 80 - !192.168.0.35
>
>
> _______________________________________________
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
Received on Mon Nov 20 17:53:09 2006
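One check worth running against a configuration like the one quoted above is to ask which Shorewall zone the DNAT target actually belongs to. The posted hosts file partitions eth0 into loc and dmz by address range, but Shorewall always treats addresses configured on the firewall host itself as the $FW zone, and netfilter delivers packets for a local address to the INPUT chain rather than FORWARD, so the net-to-$FW policy (DROP above) applies instead of the net-to-dmz rules. A Linux-VServer guest's address normally lives on the host's own interface. The script below is an added example written for this page, not code from the thread or from the Shorewall or Linux-VServer projects: it parses the posted hosts lines, classifies an address into a zone, and flags a DNAT rule whose declared destination zone disagrees with the zone the target address really falls in. The set of addresses assumed to be configured on the firewall host (192.168.0.1 as a constructed host address and 192.168.0.35, the vserver address from the DNAT rules) is an assumption, not something the thread states.

```python
import ipaddress

# The two /etc/shorewall/hosts lines as posted in the thread
# (columns: ZONE  INTERFACE:ADDRESSES  OPTIONS).
HOSTS_FILE = """\
loc eth0:192.168.0.1-192.168.0.19,192.168.0.100-192.168.0.150 routeback,tcpflags
dmz eth0:192.168.0.20-192.168.0.99,192.168.0.151-192.168.0.253 routeback,tcpflags
"""

# Assumption (not from the thread): addresses configured on the firewall host.
# 192.168.0.1 is a constructed host address; 192.168.0.35 is the vserver address
# from the posted DNAT rules, which a Linux-VServer guest shares with the host's
# network stack.
FIREWALL_ADDRESSES = frozenset({"192.168.0.1", "192.168.0.35"})


def parse_hosts(text):
    """Parse Shorewall hosts lines into (zone, interface, ranges, options) tuples.

    Each range is an (first, last) pair of IPv4Address objects; a CIDR block is
    expanded to its first and last address.
    """
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        zone, hosts = fields[0], fields[1]
        options = fields[2].split(",") if len(fields) > 2 else []
        iface, _, addrs = hosts.partition(":")
        ranges = []
        for item in addrs.split(","):
            if "-" in item:
                lo, hi = item.split("-", 1)
                ranges.append((ipaddress.ip_address(lo), ipaddress.ip_address(hi)))
            else:
                net = ipaddress.ip_network(item, strict=False)
                ranges.append((net[0], net[-1]))
        entries.append((zone, iface, ranges, options))
    return entries


def zone_for(ip, entries, firewall_addresses=FIREWALL_ADDRESSES):
    """Return the zone Shorewall will attribute to ip, or None if unclassified.

    An address configured on the firewall itself is always $FW, whatever the
    hosts file says; only then are the hosts-file ranges consulted.
    """
    addr = ipaddress.ip_address(ip)
    if str(addr) in firewall_addresses:
        return "$FW"
    for zone, _iface, ranges, _opts in entries:
        if any(lo <= addr <= hi for lo, hi in ranges):
            return zone
    return None


def filter_chain_for(ip, entries, firewall_addresses=FIREWALL_ADDRESSES):
    """Netfilter filter chain a packet addressed to ip traverses after routing."""
    local = zone_for(ip, entries, firewall_addresses) == "$FW"
    return "INPUT" if local else "FORWARD"


def check_dnat(declared_zone, target_ip, entries, firewall_addresses=FIREWALL_ADDRESSES):
    """Compare a DNAT rule's declared destination zone with the target's real zone.

    Returns a dict; 'consistent' is False when the rule's zone pair (and so the
    policy Shorewall applies) is not the one the packets will actually hit.
    """
    actual = zone_for(target_ip, entries, firewall_addresses)
    return {
        "declared": declared_zone,
        "actual": actual,
        "chain": filter_chain_for(target_ip, entries, firewall_addresses),
        "consistent": actual == declared_zone,
    }


if __name__ == "__main__":
    hosts = parse_hosts(HOSTS_FILE)
    # The posted rule: DNAT net dmz:192.168.0.35 tcp 80
    print(check_dnat("dmz", "192.168.0.35", hosts))
    # Same rule if 192.168.0.35 were a separate machine rather than a host address
    print(check_dnat("dmz", "192.168.0.35", hosts, frozenset()))
```

Run stand-alone, the first line reports the target as $FW with the INPUT chain and `consistent: False`, while the second (target not a local address) reports dmz and FORWARD. The fix is not shown here because the thread's earlier reply, which Herbert points to, is not on this page.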
