[Shorewall-users] Problems with dnat.

Mon, 25 Jul 2011 06:02:29 -0700 

Hello
Sorry for my poor English.
I will explain my problem:

I can not connect from an external web server ip that is in the DMZ.
Both the firewall and the web server receives but does not end the
connection to be established. The connection appears on the client as "
RCV_SYNC."

These are my configuration files.

> cat interfaces

#ZONE INTERFACE BROADCAST OPTIONS

net eth0 detect
dhcp,routeback,blacklist,tcpflags,nosmurfs,routefilter,logmartians

net eth1 detect
dhcp,routeback,blacklist,tcpflags,nosmurfs,routefilter,logmartians

loc eth2 detect
dhcp,routeback,blacklist,tcpflags,nosmurfs,routefilter,logmartians

dmz eth3 detect
dhcp,routeback,blacklist,tcpflags,nosmurfs,routefilter,logmartians

 > cat zones

#ZONE TYPE OPTIONS IN OUT OPTIONS OPTIONS

fw firewall

net ipv4

loc ipv4

dmz ipv4

 > cat providers

#NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY

ADSL2 2 0x2 main eth1 8x.xx.1x7.1 track,balance eth2,eth3

ADSL1 1 0x1 main eth0 8y.yy.2y1.2 track,balance eth2,eth3

 > cat mask

#INTERFACE SOURCE ADDRESS PROTO PORT(S) IPSEC MARK

eth0 8y.yy.2y1.yy6 8x.xx.1x7.xx2

eth0 eth2 8y.yy.2y1.yy6

eth0 eth3 8y.yy.2y1.yy6

eth1 8x.xx.1x7.xx2 8y.yy.2y1.yy6

eth1 eth2 8x.xx.1x7.xx2

eth1 eth3 8x.xx.1x7.xx2

 > cat rules

DROP:info net:192.168.0.0/24 all

DROP:info net:192.168.4.0/22 all

DNS(ACCEPT) $FW net:eth0

DNS(ACCEPT) dmz net:eth0

HTTP(ACCEPT) dmz net:eth0

HTTPS(ACCEPT) dmz net:eth0

ACCEPT net:eth0 dmz

DNAT net:eth0 dmz:192.168.0.252 tcp 80

Ping(DROP) net:eth1 $FW

Ping(DROP) net:eth0 $FW

Ping(ACCEPT) loc $FW

Ping(ACCEPT) loc dmz

Ping(ACCEPT) dmz loc

Ping(ACCEPT) dmz net:eth0

Ping(ACCEPT) dmz $FW

ACCEPT $FW loc icmp

ACCEPT $FW dmz icmp

SSH(ACCEPT) dmz $FW

 > cat tcrules

#MARK SOURCE DEST PROTO DEST_PORT(S)

1:P 192.168.0.0/24 -

2:P 192.168.4.0/22 -

1 $FW

-- 
   Un saludo .

---------------------------------------------------------------------------------------------------------------
            Jose María Iranzo Marín -------- joi...@gmail.com
---------------------------------------------------------------------------------------------------------------

------------------------------------------------------------------------------
Storage Efficiency Calculator
This modeling tool is based on patent-pending intellectual property that
has been used successfully in hundreds of IBM storage optimization engage-
ments, worldwide.  Store less, Store more with what you own, Move data to 
the right place. Try It Now! http://www.accelacomm.com/jaw/sfnl/114/51427378/
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to