[EMAIL PROTECTED] wrote:
> I have a firewall box with four NIC cards, eth0 is connected to a
> fiber modem through which I connect to the ISP using pppoe and gets
> its static IP through dhcp, giving me ppp0, eth1 is my home network
> on 192.168.3/24, eth2 is my office network on 10.1.1/24, and eth3 is
> my dmz on 172.16.1/24
>
> I am running a dhcp server for the 192.168.3/24 and 10.1.1/24
> networks. I am running dansguardian/squid for the 192.168.3/24
> network and squid for the 10.1.1/24 network. Servers in the dmz have
> static IP addresses and are using proxyarp through shorewall. I also
> have a pptp vpn for outside access to the office network.
>
> Here is my interfaces file:

Please see http://www.shorewall.net/support.htm#Guidelines. Only the most boneheaded mistakes can be caught by looking at your configuration files. For this one, we need the output of "shorewall dump" collected and sent as described in the aforementioned URL.

> The redirect rules are:
>
> REDIRECT home 8080 tcp http
> ACCEPT home fw tcp 8080
> ACCEPT fw fw tcp 3128

Shorewall always allows fw->fw traffic. Depending on the version of Shorewall you are running, a single fw->fw ACCEPT rule can cause all other fw->fw traffic to be rejected! Bottom line: fw->fw rules are a very bad idea.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
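
A way to check a rules file for the fw->fw entries the reply above warns about, as an added example (not part of the original message and not Shorewall's own code). It assumes the firewall zone is named `fw`, as in the quoted rules, or written `$FW`; the sample lines beyond the three quoted rules are constructed.

```python
# Names that refer to the firewall zone. "fw" is the zone name used in the
# rules quoted in the thread; "$FW" is Shorewall's variable for the same zone.
FW_NAMES = {"fw", "$FW"}

def zone_of(column):
    """Return the zone part of a SOURCE/DEST column such as 'home:192.168.3.5'."""
    return column.split(":", 1)[0]

def logical_lines(text):
    """Yield (line_number, text) with '#' comments stripped and '\\' continuations joined."""
    pending, start = "", None
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()
        if start is None:
            start = number
        if line.endswith("\\"):
            pending += line[:-1] + " "
            continue
        pending += line
        if pending.strip():
            yield start, pending.strip()
        pending, start = "", None

def find_fw_to_fw(text, fw_names=FW_NAMES):
    """Return [(line_number, rule)] for rules whose SOURCE and DEST are both the firewall."""
    hits = []
    for number, line in logical_lines(text):
        cols = line.split()
        # Skip directives (?SECTION, ?COMMENT, ...) and lines without SOURCE and DEST.
        if cols[0].startswith("?") or cols[0] in ("SECTION", "COMMENT") or len(cols) < 3:
            continue
        if zone_of(cols[1]) in fw_names and zone_of(cols[2]) in fw_names:
            hits.append((number, " ".join(cols)))
    return hits

# Constructed sample: the three rules from the thread plus constructed lines.
SAMPLE = """\
# ACTION  SOURCE  DEST  PROTO  DPORT
REDIRECT  home    8080  tcp    http
ACCEPT    home    fw    tcp    8080
ACCEPT    fw      fw    tcp    3128   # flagged
ACCEPT    $FW \\
          $FW:127.0.0.1 tcp 8080      # flagged (continuation line)
ACCEPT    fw      home  tcp    22
"""

if __name__ == "__main__":
    for number, rule in find_fw_to_fw(SAMPLE):
        print(f"line {number}: fw->fw rule: {rule}")
```

In a REDIRECT rule the DEST column holds the port rather than a zone, so the quoted `REDIRECT home 8080 tcp http` line is not flagged.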
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
