Re: [leaf-user] dns or rule problem?????

Sat, 01 Apr 2006 09:52:18 -0800 

Hello Andrew , you wrote

> I´m running Bering u-Clibc 2.1.3
> I have 5 static IP´s coming in from my ISP. (eth 0)
> 4 of them are proxyARPed to the DMZ. (eth 2)
> The last IP is serving my local network. (eth 1)
> My dmz is basically web servers with port 80 open.
> Outside my network, people can see my servers just fine, but from my
> local network I can´t access my websites even using their public IP´s.
> Do you have any recomendations for allowing me to access my dmz
> websites from my local network coomputers?  Security to and from my
> local network to and from the dmz is also a high priority.
> I am a novice at this, so please be kind.  I have not made many
> changes to the settings on the firewall box.
> I don't know if it matters but I am using my ISP's dns service.
> Let me know if you need more info.
>
> Thanks,
> Andrew
>
It seems, that this is a routing /Firewall problem.
Your static IPs if coming from the outside are routed to a DMZ server.
If coming from your internal network they  "end" at your external interface.
If they reach your server, than your firewall restrict their answers.(from dmz
to local)
You have to set a rule allowing a machine on your local network to access the
machine on the dmz and back!.
In that case use something like in the shorewall rulesfile .
ACCEPT          loc       dmz           tcp    80

Or if you only want a special machine to be allowed to go to the dmz use
something like.

ACCEPT  loc:192.168.1.10 dmz tcp 80

Hope this helps
I assume that the syntax is correct so, I still use an "old Bering " ;)

regards

Eric Wolzak




-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid0944&bid$1720&dat1642
------------------------------------------------------------------------
leaf-user mailing list: [email protected]
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Reply via email to