On Fri, 28 Nov 2003 11:04:24 -0800, Tom Eastep wrote:
>On Fri, 2003-11-28 at 10:42, Kory Krofft wrote:
>>I have been trying to set up a webserver in a DMZ using the Shorewall
>>3 interfaces examples. I have a test machine with a dialup account
>>that I can use to test access to the webserver. On the test machine,
>>when I try to view the sample web page I get a "page cannot be
>>displayed" error. Coincident with the attempt I get a series of:
>>
>>Nov 28 13:31:54 markii Shorewall:all2all:REJECT: IN=eth2 OUT=
>>MAC=00:60:97:df:a7:7e:00:50:ba:af:a6:25:08:00 SRC=192.168.10.1
>>DST=192.168.10.254 LEN=70 TOS=00 PREC=0x00 TTL=64 ID=42777 DF
>>PROTO=UDP SPT=1024 DPT=53 LEN=50
>>
>>in the shorewall log. I have the DNAT rule set up to translate
>>incoming requests on port 5000 to port 80 on the DMZ host in case my
>>ISP blocks port 80.
>>The DMZ host is at ip 192.168.10.1. Eth2 is ip 192.168.10.254
>>
>
>Please spend a little time reading Shorewall FAQ 17 so that in the
>future, you won't have to post to the list for such problems.
>
>The above message indicates that your server in the DMZ is configured to
>use a DNS server on the firewall but you have no dmz->fw DNS rules.
>
>-Tom

Tom,

I apologize for the inconvenience; I missed FAQ sect 17, partly because I did not realize that a DNS connection was needed from the DMZ to the firewall if I was DNATing the request to port 80.

I added the rules to allow DNS to the firewall, which cleared up the log entry, but I still cannot connect to the webserver. I can connect from the loc to the DMZ using the external IP by adding a DNAT loc dmz:192.168.10.1:80 tcp - EXT.ER.NAL.IP, but attempts from the dial up machine still fail with a "page cannot be displayed" message.

Kory

------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
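
The diagnosis in the quoted reply can be read off the log line mechanically. The following is an added example, not part of the original thread and not Shorewall's own code: it parses the quoted log entry, maps interfaces to zones, and prints the rules-file line that would permit the rejected traffic. The interface-to-zone map and the function names are assumptions (eth2 = dmz matches the thread; eth0 and eth1 follow the three-interface sample).

```python
import re

# Assumed interface-to-zone map (three-interface sample layout).
# Only eth2 = dmz is confirmed by the thread; eth0/eth1 are assumptions.
IFACE_ZONE = {"eth0": "net", "eth1": "loc", "eth2": "dmz"}

# Log line as quoted in the thread.
SAMPLE = ("Nov 28 13:31:54 markii Shorewall:all2all:REJECT: IN=eth2 OUT= "
          "MAC=00:60:97:df:a7:7e:00:50:ba:af:a6:25:08:00 SRC=192.168.10.1 "
          "DST=192.168.10.254 LEN=70 TOS=00 PREC=0x00 TTL=64 ID=42777 DF "
          "PROTO=UDP SPT=1024 DPT=53 LEN=50")

PREFIX = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<disp>[A-Z]+):")
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def zone(iface):
    # An empty IN= or OUT= means the firewall itself is that endpoint.
    return IFACE_ZONE.get(iface, "unknown") if iface else "fw"

def parse(line):
    """Return chain, disposition, zones, proto and port, or None."""
    m = PREFIX.search(line)
    if not m:
        return None
    fields = {}
    for key, val in FIELD.findall(line[m.end():]):
        fields.setdefault(key, val)  # first LEN is the IP length
    return {
        "chain": m["chain"],          # all2all: no specific rule matched
        "disposition": m["disp"],
        "src_zone": zone(fields.get("IN")),
        "dst_zone": zone(fields.get("OUT")),
        "proto": fields.get("PROTO", "").lower(),
        "dport": fields.get("DPT"),   # absent for protocols without ports
        "fields": fields,
    }

def suggest_rule(line):
    """Rules-file line (ACTION SOURCE DEST PROTO PORT) for a blocked packet."""
    e = parse(line)
    if not e or e["disposition"] not in ("REJECT", "DROP"):
        return None
    cols = ["ACCEPT", e["src_zone"], e["dst_zone"], e["proto"]]
    if e["dport"]:
        cols.append(e["dport"])
    return " ".join(cols)

if __name__ == "__main__":
    print(suggest_rule(SAMPLE))
```

The suggested line is only a candidate to review: whether DMZ hosts should be allowed to query a resolver on the firewall is a policy decision, not something the log can answer.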
