Tom Eastep <[EMAIL PROTECTED]> wrote:
| mess-mate wrote:
| > Tom Eastep <[EMAIL PROTECTED]> wrote:
| > | mess-mate wrote:
| > | > Hi,
| > | > can't get it working :(
| > | > This is what I have when http://www.laplaceverte.fr :
| > | > While trying to retrieve the URL: http://www.laplaceverte.fr/
| > | >
| > | > The following error was encountered:
| > | >
| > | > * Connection to 86.192.96.249 Failed
| > | >
| > | > The system returned:
| > | >
| > | > (111) Connection refused
| > | >
| > | > The remote host or network may be down. Please try the
| > | > request again.
| > | >
| > | > ppp0 points to 86.192.96.249 and in the /etc/shorewall/rules I've:
| > | > DNAT loc dmz:192.168.20.1 tcp 80 - $ETH0_IP
| > | > Web/DNAT net dmz:192.168.20.1
| > | >
| > | > anything wrong with the rules ?
| > |
| > | That's like saying "The sky is blue" then asking "anything wrong with that
| > | sentence?". While the sky may very well be blue, it might also be a gray
| > | cloudy day. In other words, the correctness of the rules that you posted
| > | cannot be determined by looking at them out of context. They don't look
| > | obviously wrong.
| > |
| > | IIRC, when we last visited this problem, the connection failure only
| > | occurred from the 'loc' zone. Furthermore, a tcpdump running during a
| > | connection attempt revealed that no tcp port 80 traffic to 86.192.96.249 was
| > | reaching the Shorewall box. Is that still the case?
| > |
| > | -Tom
| > | --
| > Did a test with the proxy settings OFF on the browsers.
| >
| > The browsers on the machines are configured to pass through the proxy.
| > So configured a browser to connect direct to internet ( no proxy
| > config) and I got my website and also all other websites.
| >
| > I don't understand exactly why the browsers are to have a direct
| > connection to internet now ?
| >
| > mess-mate
|
| I assume that the proxy is running on the same system as Shorewall? If so,
| then it is the proxy that attempts to connect to www.laplaceverte.fr that is
| a fw->fw connection (since the IP address of www.laplaceverte.fr is local to
| the Shorewall system).
|
| You can work around this by adding this rule:
|
| DNAT $FW dmz:192.168.20.1 tcp 80 - $ETH0_IP
|
| -Tom
| --
OK it's done and working, thanks. Now a connection can be made with a
browser 'with or without' configured to connect with the proxy.
Is this line still useful?
DNAT loc dmz:192.168.20.1 tcp 80 - $ETH0_IP
mess-mate
--
Q: What do you call a principal female opera singer whose high C
is lower than those of other principal female opera singers?
A: A deep C diva.
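
The fw->fw case described in this thread, as an added example that is not part of the original messages and is not Shorewall's own code: a simplified Python model that matches the posted DNAT rules by the zone a connection originates from. It assumes $ETH0_IP expands to 86.192.96.249 and that the Web macro covers tcp 80 and 443; the function names are hypothetical.

```python
# Added illustration, not Shorewall code: a simplified model of which DNAT
# rule applies, keyed on the zone the connection originates from.
PARAMS = {"ETH0_IP": "86.192.96.249"}  # assumption: $ETH0_IP is the public address
MACROS = {"Web": [("tcp", "80"), ("tcp", "443")]}  # assumption: Web = HTTP + HTTPS

ORIGINAL_RULES = """\
DNAT      loc  dmz:192.168.20.1  tcp  80  -  $ETH0_IP
Web/DNAT  net  dmz:192.168.20.1
"""
WORKAROUND_RULE = "DNAT  $FW  dmz:192.168.20.1  tcp  80  -  $ETH0_IP\n"

def parse_rules(text, params=PARAMS):
    """Parse ACTION SOURCE DEST [PROTO DPORT SPORT ORIGDEST] lines into dicts."""
    rules = []
    for line in text.splitlines():
        cols = line.split("#", 1)[0].split()
        if not cols:
            continue
        cols += ["-"] * (7 - len(cols))          # pad omitted trailing columns
        action, source, dest, proto, dport, _sport, origdest = cols[:7]
        macro, _, target = action.rpartition("/")  # "Web/DNAT" -> "Web", "DNAT"
        if target != "DNAT":
            continue
        if origdest.startswith("$"):
            origdest = params[origdest[1:]]      # expand shell-style variable
        services = MACROS[macro] if macro else [(proto, dport)]
        for p, port in services:
            rules.append({"source": source, "to": dest.split(":", 1)[1],
                          "proto": p, "dport": port, "origdest": origdest})
    return rules

def origin_zone(client_zone, via_proxy_on_fw):
    """A proxy on the firewall opens the connection itself, so the source is $FW."""
    return "$FW" if via_proxy_on_fw else client_zone

def dnat_target(rules, zone, dst_ip, proto="tcp", dport="80"):
    """Return the DMZ address the connection is rewritten to, or None.

    None means no rule matched: the connection stays addressed to the
    firewall's own IP, which is the 'Connection refused' seen via the proxy.
    """
    for r in rules:
        if (r["source"] == zone and r["proto"] == proto
                and r["dport"] == dport and r["origdest"] in ("-", dst_ip)):
            return r["to"]
    return None
```
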