Hristo Benev wrote:

> Sorry I was not really clear.
>
> I'm a little bit confused by Xen Networking, so I may have some interfaces that
> are not used.
>
> Basically I'm trying to limit the access from net to DMZ to certain ports only.
> Initially my DomU machine (let's call it Mail) with IP x.x.x.165
> was bridged and I have direct access to it from internet.
> I modified config file to routing and tried to follow your guide,
> maybe I did something wrong because I still had access from internet to "Mail"
> even though I have "net to all drop" in policy.

I don't see how, unless your eth0 and eth2 are connected to the same switch/hub.


> How can I troubleshoot it?


Be sure that you really have a problem. Start with a fresh client on an internet system and connect to Mail. Be sure that the connection shows up in the output of "shorewall show connections". Now "shorewall show net2dmz". Do you see any traffic? If not, then traffic from the internet is bypassing eth0.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
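
The check described in the reply above, as an added example that is not part of the original message: a shell filter over the output of "shorewall show net2dmz" that reports whether any rule in the chain counted packets. The function names and both sample listings (with 192.0.2.165 standing in for Mail) are constructed for illustration.

```shell
#!/bin/sh
# Added example. Input is the text printed by `shorewall show net2dmz`
# (iptables -L -n -v layout); the sample listings below are constructed.

# Print how many rules in the listing on stdin have a non-zero packet counter.
rules_hit() {
    awk '
        $1 == "pkts"        { in_rules = 1; next }  # header row: rules follow
        in_rules && NF == 0 { in_rules = 0 }        # blank line ends the chain
        in_rules && $1 ~ /^[0-9]+[KMG]?$/ && $1 != "0" { hit++ }
        END                 { print hit + 0 }
    '
}

# Turn the count into the conclusion drawn in the reply above.
diagnose() {
    if [ "$(rules_hit)" -gt 0 ]; then
        echo "net2dmz is seeing traffic: the connection is crossing the firewall"
    else
        echo "net2dmz counters are all zero: traffic from the internet is bypassing eth0"
    fi
}

# Constructed sample: a client reached Mail, yet no rule counted a packet.
sample_bypassed() {
    cat <<'EOF'
Chain net2dmz (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.0.2.165         tcp dpt:25
    0     0 net2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0
EOF
}

# Constructed sample: the same chain when the test connection went through it.
sample_seen() {
    cat <<'EOF'
Chain net2dmz (1 references)
 pkts bytes target     prot opt in     out     source               destination
   14  1123 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    1    60 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.0.2.165         tcp dpt:25
    0     0 net2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0
EOF
}

sample_bypassed | diagnose
sample_seen | diagnose
```

On the firewall itself the live listing is piped in the same way: shorewall show net2dmz | diagnose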
