Ok, I can ping the web server from the firewall and vice versa, but when I
plug my web server into my DMZ orange network in my firewall I can't get my
web page up?
-----Original Message-----
From: Steve Holdoway [mailto:[email protected]]
Sent: Friday, May 15, 2009 4:10 PM
To: [email protected]
Subject: Re: Help
Well, what *does* work?
can ifconfig see the 3 interfaces, and do they have ip addresses in separate
subnets assigned?
[here's one I set up a few years ago: eth0 is green, eth1 = orange, and eth2
= red]
eth0 Link encap:Ethernet HWaddr 00:30:BD:09:50:A4
inet addr:192.168.1.254 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:20525179 errors:0 dropped:0 overruns:0 frame:0
TX packets:33707951 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2092449118 (1995.5 MB) TX bytes:544257391 (519.0 MB)
Interrupt:10 Base address:0xb000
eth1 Link encap:Ethernet HWaddr 00:0F:3D:88:9E:C9
inet addr:192.168.3.254 Bcast:192.168.3.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:13278777 errors:0 dropped:0 overruns:0 frame:0
TX packets:2488178 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2462410620 (2348.3 MB) TX bytes:221028399 (210.7 MB)
Interrupt:5 Memory:d4800000-0
eth2 Link encap:Ethernet HWaddr 00:0D:88:CA:D1:E3
inet addr:10.1.1.2 Bcast:10.1.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MTU:1500 Metric:1
RX packets:20363669 errors:0 dropped:0 overruns:0 frame:0
TX packets:17851862 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2350652270 (2241.7 MB) TX bytes:1842739446 (1757.3 MB)
Interrupt:5 Base address:0x9400
can you ping the web server from the firewall and / or vice versa?
PING 192.168.3.4 (192.168.3.4): 56 data bytes
64 bytes from 192.168.3.4: icmp_seq=0 ttl=64 time=0.579 ms
64 bytes from 192.168.3.4: icmp_seq=1 ttl=64 time=0.330 ms
If so, where are you trying to visit the web server from, and have you set
up port forwarding from red/green to it?
[excerpts from iptables -t nat --list -n ( 10.1.1.2 is the next hop towards
the internet)]
Chain PORTFW (1 references)
target prot opt source destination
DNAT tcp -- 0.0.0.0/0 10.1.1.2 tcp dpt:25 to:192.168.3.4:25
DNAT tcp -- 0.0.0.0/0 10.1.1.2 tcp dpt:80 to:192.168.3.4:80
DNAT tcp -- 0.0.0.0/0 10.1.1.2 tcp dpt:443 to:192.168.3.4:443
[setup->networking]
Current config: GREEN + ORANGE + RED
hth,
Steve
On Fri, 15 May 2009 15:55:29 +1200
Julian Warwick Bethell <[email protected]> wrote:
> I did those steps and they did not get my DMZ to work
>
> -----Original Message-----
> From: Steve Holdoway [mailto:[email protected]]
> Sent: Friday, May 15, 2009 3:34 PM
> To: [email protected]
> Subject: Re: Help
>
> On Fri, 15 May 2009 15:22:10 +1200
> Julian Warwick Bethell <[email protected]> wrote:
>
> >
> > I need help setting up a DMZ on my firewall IPCop so I can use my Apache
> > web server.
> >
>
> You need an extra dedicated network card, and to set it up from the system
> console to be on a unique subnet - this is the orange network in a
> red/orange/green ( or red/orange/blue/green if you've got wireless too )
> configuration.
>
> Once that's done, plug your web server on to it, assign it an IP address in
> the new subnet, and forward requests on port 80/443 to that IP address.
>
> Very brief, but those are the steps that need to be done!
>
> Steve.
> --
> Steve Holdoway <[email protected]>
> http://www.greengecko.co.nz
>
--
Steve Holdoway <[email protected]>
http://www.greengecko.co.nz
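
The port-forwarding check from the reply above can be scripted. The following is an added example, not part of the original thread or of IPCop: it reads `iptables -t nat --list -n` output and reports whether each required port has a DNAT rule in the PORTFW chain pointing at the DMZ web server. The function names and the sample listing are assumptions made for illustration.

```sh
#!/bin/sh
# Constructed sample, modelled on the listing quoted in the thread,
# with the port 443 rule left out to show a failing check.
sample_nat_listing() {
cat <<'EOF'
Chain PORTFW (1 references)
target     prot opt source       destination
DNAT       tcp  --  0.0.0.0/0    10.1.1.2    tcp dpt:25 to:192.168.3.4:25
DNAT       tcp  --  0.0.0.0/0    10.1.1.2    tcp dpt:80 to:192.168.3.4:80

Chain POSTROUTING (policy ACCEPT)
target     prot opt source       destination
EOF
}

# check_portfw DMZ_HOST PORT...   (hypothetical helper)
# Reads the nat table listing on stdin and prints one line per port:
#   "PORT ok", "PORT missing" or "PORT wrong-target <ip:port>".
# Exit status is 0 only when every port is forwarded to DMZ_HOST:PORT.
check_portfw() {
    host=$1; shift
    awk -v host="$host" -v ports="$*" '
        /^Chain / { in_chain = ($2 == "PORTFW"); next }
        in_chain && $1 == "DNAT" {
            dpt = ""; to = ""
            for (i = 6; i <= NF; i++) {
                if ($i ~ /^dpt:/) dpt = substr($i, 5)   # matched port
                if ($i ~ /^to:/)  to  = substr($i, 4)   # DNAT target
            }
            if (dpt != "") target[dpt] = to
        }
        END {
            n = split(ports, want, " "); bad = 0
            for (i = 1; i <= n; i++) {
                p = want[i]
                if (!(p in target)) { print p " missing"; bad = 1 }
                else if (target[p] == (host ":" p)) { print p " ok" }
                else { print p " wrong-target " target[p]; bad = 1 }
            }
            exit bad
        }'
}

# Demo on the constructed sample; prints "80 ok" and "443 missing".
sample_nat_listing | check_portfw 192.168.3.4 80 443 || true
```

On the firewall itself, the same check runs against live rules with `iptables -t nat --list -n | check_portfw 192.168.3.4 80 443`.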