mess-mate wrote:
> Tom Eastep <[EMAIL PROTECTED]> wrote:
> | mess-mate wrote:
> | > Hi,
> | > can't get it working :(
> | > This is what I have when http://www.laplaceverte.fr :
> | > While trying to retrieve the URL: http://www.laplaceverte.fr/
> | >
> | > The following error was encountered:
> | >
> | > * Connection to 86.192.96.249 Failed
> | >
> | > The system returned:
> | >
> | > (111) Connection refused
> | >
> | > The remote host or network may be down. Please try the
> | > request again.
> | >
> | > ppp0 point to 86.192.96.249 and in the /etc/shorewall/rules I've:
> | > DNAT loc dmz:192.168.20.1 tcp 80 - $ETH0_IP
> | > Web/DNAT net dmz:192.168.20.1
> | >
> | > anything wrong with the rules ?
> |
> | That's like saying "The sky is blue" then asking "anything wrong with that
> | sentence?". While the sky may very well be blue, it might also be a gray
> | cloudy day. In other words, the correctness of the rules that you posted
> | cannot be determined by looking at them out of context. They don't look
> | obviously wrong.
> |
> | IIRC, when we last visited this problem, the connection failure only
> | occurred from the 'loc' zone. Furthermore, a tcpdump running during a
> | connection attempt revealed that no tcp port 80 traffic to 86.192.96.249 was
> | reaching the Shorewall box. Is that still the case?
> |
> | -Tom
> | --
> Did a test with the proxy settings OFF on the browsers.
>
> The browsers on the machines are configured to pass through the proxy.
> So configured a browser to connect direct to internet ( no proxy
> config) and I got my website and also all other websites.
>
> I don't understand exactly why the browsers are to have a direct
> connection to internet now ?
>
> mess-mate

I assume that the proxy is running on the same system as Shorewall? If so,
then it is the proxy that attempts to connect to www.laplaceverte.fr that is
a fw->fw connection (since the IP address of www.laplaceverte.fr is local to
the Shorewall system).

You can work around this by adding this rule:

    DNAT $FW dmz:192.168.20.1 tcp 80 - $ETH0_IP

-Tom
--
Tom Eastep       \ Nothing is foolproof to a sufficiently talented fool
Shoreline,       \ http://shorewall.net
Washington USA   \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
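
Added example (not part of the original thread and not Shorewall code): a small check that lists which source zones have no DNAT rule for a given port, run against the rules quoted above with and without the suggested $FW rule. Assumptions: the function names are hypothetical, the Web macro is taken to mean tcp 80 and 443, and only numeric ports and lo:hi ranges are parsed (the ORIGINAL DEST column and service names are ignored).

```python
# Added example, not Shorewall code. Simplified reader for /etc/shorewall/rules:
# numeric ports and lo:hi ranges only; ORIGINAL DEST and service names are ignored.

# Assumption: the Web macro stands for tcp ports 80 and 443.
MACROS = {"Web": ("tcp", "80,443")}


def port_matches(spec, port):
    """True if a comma-separated port list (with optional lo:hi ranges) contains port."""
    for item in spec.split(","):
        lo, _, hi = item.partition(":")
        hi = hi or lo
        if lo.isdigit() and hi.isdigit() and int(lo) <= port <= int(hi):
            return True
    return False


def dnat_rules(text):
    """Yield (source_zone, proto, port_spec) for each DNAT rule in the text."""
    for raw in text.splitlines():
        cols = raw.split("#", 1)[0].split()   # drop comments, split columns
        if len(cols) < 3:
            continue
        action, source = cols[0], cols[1].split(":")[0]
        if action == "DNAT" and len(cols) >= 5:
            yield source, cols[3], cols[4]
        elif action.endswith("/DNAT") and action[:-5] in MACROS:
            yield (source, *MACROS[action[:-5]])


def uncovered_zones(text, zones, proto, port):
    """Zones in `zones` that have no DNAT rule for proto/port."""
    covered = {src for src, p, spec in dnat_rules(text)
               if p == proto and port_matches(spec, port)}
    return [z for z in zones if z not in covered]


# The two rules quoted in the thread, then the same file with the $FW rule added.
THREAD_RULES = """\
DNAT      loc  dmz:192.168.20.1  tcp  80  -  $ETH0_IP
Web/DNAT  net  dmz:192.168.20.1
"""
FIXED_RULES = THREAD_RULES + "DNAT  $FW  dmz:192.168.20.1  tcp  80  -  $ETH0_IP\n"
ZONES = ["net", "loc", "$FW"]   # $FW is where a proxy on the firewall originates

if __name__ == "__main__":
    print(uncovered_zones(THREAD_RULES, ZONES, "tcp", 80))
    print(uncovered_zones(FIXED_RULES, ZONES, "tcp", 80))
```

With the thread's rules only the firewall zone is left without a port 80 DNAT, which matches the refused connection seen through the proxy.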
