On Friday 22 February 2002 01:47, Robert Williams wrote:
> Thank you for clarifying that there is no direct link between the
> two nets. However I am assuming that the web server and the firewall
> have to be able to 'talk' and I am not able to ping from the server
> to the firewall and vice versa. Also when I point my web browser to
> the external ip address I get denys in the output log. When I try to
> connect to 64.171.17.147 I get
> Feb 21 23:42:33 firewall kernel: Packet log: output DENY eth0 PROTO=6
> 192.168.1.2:49753 192.168.2.1:80 L=48 S=0x00 I=32564 F=0x4000 T=254
> SYN (#8)
> Any help would be appreciated. I know that I have something
> misconfigured but I just can't see what it is. Any help is much
> appreciated, Robert

You're right, you should be able to ping the DMZ from the LEAF box itself as long as ICMP packets to eth2 are allowed. However, you will not be able to see the webserver on the DMZ from the internal net regardless unless you relay from a remote server/shell. The only good way to test whether the webserver is working correctly in the DMZ with only one external ip/box is to call a friend and have them try to access the webserver.

The 192.168.1.0 network and the 192.168.2.0 DMZ network will not communicate with each other unless you make it possible by changing the default settings/routes with Eigerstein/Dachstein... even if you do try to access it by the eth0 address.

-- 
~Lynn Avants
aka Guitarlynn

guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net

If linux isn't the answer, you've probably got the wrong question!

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
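
An added example, not part of the original thread: a small parser for the ipchains "Packet log:" entry quoted above, showing which chain and rule number produced the DENY and for which flow. The function names are hypothetical, and the sample is the log entry from the post with its line wrapping undone.

```python
import re

# Field layout of a Linux 2.2 ipchains "Packet log:" kernel message.
# For ICMP the two "port" positions carry the ICMP type and code.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<verdict>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ip_id>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)"
    r"(?P<syn> SYN)?(?: \(#(?P<rule>\d+)\))?"
)
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}

# The entry quoted in the post, with the mail client's line wrapping undone.
SAMPLE = (
    "Feb 21 23:42:33 firewall kernel: Packet log: output DENY eth0 PROTO=6 "
    "192.168.1.2:49753 192.168.2.1:80 L=48 S=0x00 I=32564 F=0x4000 T=254 "
    "SYN (#8)"
)

def parse_packet_log(line):
    """Return the fields of one ipchains log entry, or None if it is not one."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    f = m.groupdict()
    return {
        "chain": f["chain"],            # chain whose rule matched
        "verdict": f["verdict"],        # that rule's target
        "iface": f["iface"],
        "proto": PROTO_NAMES.get(int(f["proto"]), f["proto"]),
        "src": (f["src"], int(f["sport"])),
        "dst": (f["dst"], int(f["dport"])),
        "ttl": int(f["ttl"]),
        "dont_fragment": bool(int(f["frag"], 16) & 0x4000),  # IP DF flag
        "syn": f["syn"] is not None,    # TCP connection attempt
        "rule": int(f["rule"]) if f["rule"] else None,  # position in chain
    }

def summarize(e):
    """One-line reading of a parsed entry: which rule to inspect, for what flow."""
    rule = f"#{e['rule']}" if e["rule"] is not None else "n/a"
    flow = f"{e['src'][0]}:{e['src'][1]} -> {e['dst'][0]}:{e['dst'][1]}"
    return (f"{e['chain']} chain, rule {rule}: {e['verdict']} on {e['iface']} "
            f"{e['proto']} {flow}" + (" [SYN]" if e["syn"] else ""))

if __name__ == "__main__":
    print(summarize(parse_packet_log(SAMPLE)))
```
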