On Fri, 2003-11-28 at 10:42, Kory Krofft wrote: > I have been trying to set up a webserver in a DMZ using the Shorewall > 3 interfaces examples. I have a test machine with a dialup account > that I can use to test access to the webserver. On the test machine, > when I try to view the sample web page I get a "page cannot be > displayed error. Coincident with the attempt I get a series of: > > Nov 28 13:31:54 markii Shorewall:all2all:REJECT: IN=eth2 OUT= > MAC=00:60:97:df:a7:7e:00:50:ba:af:a6:25:08:00 SRC=192.168.10.1 > DST=192.168.10.254 LEN=70 TOS=00 PREC=0x00 TTL=64 ID=42777 DF > PROTO=UDP SPT=1024 DPT=53 LEN=50 > > in the shorewall log. I have the DNAT rule set up to translate > incoming requests on port 5000 to port 80 on the DMZ host in case my > ISP blocks port 80. > The DMZ host is at ip 192.168.10.1. Eth2 is ip 192.168.10.254 >
Please spend a little time reading Shorewall FAQ 17 so that in the future, you won't have to post to the list for such problems. The above message indicates that your server in the DMZ is configured to use a DNS server on the firewall but you have no dmz->fw DNS rules. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
