Re: [Vserver] Shorewall problems

From: Dusan Vejnovic <Dusan.Vejnovic_at_mors.si>
Date: Mon 20 Nov 2006 - 18:14:35 GMT
Message-id: <7414074506.7450674140@mors.si>

I add udp rules because they are defined in /etc/service file.

Bye
Dusan

----- Original Message -----
From: Laurent Vallar - aka Val <val@zbla.net>
Date: Monday, November 20, 2006 2:42 pm
Subject: Re: [Vserver] Shorewall problems

> On Fri,Nov,17,2006, Dusan Vejnovic wrote:
> > Subject: [Vserver] Shorewall problems
> > [...]
> > I have two NICs, one for internal and one for external use. For
> firewall I
> > use shorewall. I set up vserver for web server. And my problem: I
> can> access my web server from my internal network. But when I
> connect from
> > outside there not responding from web vserver.
> > [...]
> > Please help!!!
> >
> > ----------------------------------------------------
> > My configuration of shorewall.
> > [...]
>
> Please add ":info" to web vserver related DNAT rules and verify
> logs (using
> grep and filtering on vserver IP) there is no DROP according to
> your policy
> file (net -> dmz).
>
> Try to replace :
> DNAT net dmz:192.168.0.35 tcp 80
> DNAT net dmz:192.168.0.35 tcp 443
> With :
> DNAT:info net dmz:192.168.0.35 tcp 80 - 89.x.x.x
> DNAT:info net dmz:192.168.0.35 tcp 443 - 89.x.x.x
>
> Why do you add UDP rules for WWW (80/443), WWW proxy (3128) and SSH
> (22) ?
> All of these protocols are TCP ones...
>
> Regards,
> Val.
>
> --
> .''`.
> : :' : Laurent Vallar - aka Val - Network & System Staff Engineer
> `. `' GPG Key: 1024D/C4F38417 - http://www.zbla.net
> `-
> _______________________________________________
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
>
>

_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Received on Mon Nov 20 18:17:41 2006

[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Mon 20 Nov 2006 - 18:17:56 GMT by hypermail 2.1.8