Re: [Shorewall-users] FW: Help needed need to restart port redirectionand apply configuartion in shorewall for internal clients to see theweb pages via squid and dmz

Mon, 07 Jan 2008 15:30:21 -0800 

Mahindra Patel wrote:


-----Original Message-----
From: Mahindra Patel [mailto:[EMAIL PROTECTED]
Sent: 07 January 2008 12:49
To: Shorewall Users
Subject: RE: [Shorewall-users] Help needed need to restart port
redirectionand apply configuartion in shorewall for internal clients to
see theweb pages via squid and dmz


Dear Tom,
Enclosed is zip the startup and dump after the first port redirection
correction.

The problem is at anytime shorwell is configured and configuaration applied
the port redirection to proxy does not work!

i.e internal users cannot surf the web.

To correct this issue I go in webmin squid module and go to port redirection
module in squid and just save the the redirection eth0.

This then enables internal clients to access the web but then the internal
clients cannot connect to dmz via internal address 192.168.10.1 and
192.168.10.2
To correct this then requires another refresh application in the shorewall.
After that all is good. status dump2 final dump when all is good.

Hope you can help.



It looks to me like that, at some point, you did a 'shorewall save'. 
Now, when you reboot, the system is restoring the saved configuration 
rather than recompiling your current configuration and installing it.


You can either:


a) Be sure that you are running the correct (working) configuration and 
do another 'shorewall save'. Remember to 'shorewall save' after each 
configuration change (do the 'save' after you have verified that the 
configuration change is correct).



If you take this approach, you should also install 'make' on your 
firewall. That way, if the saved configuration is out of date (is older 
than some file in /etc/shorewall), Shorewall will recompile your 
configuration and install it during boot.


or

b) Execute the command 'shorewall forget'.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key




Attachment:
signature.asc

Description: OpenPGP digital signature


-------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users














    











					Reply via email to