Greetings all,
I switched our firewall from a script I maintained to Shorewall. (Version is 3.2.6 - it was what was available the easy way with Debian.) Everything is fine except for traffic to one site that is behind the firewall, and not from the outside.
The firewall has 5 addresses; 3 are occupied by websites (2 of which are SSL enabled) and they run on that machine. (eth0, :1, :2, etc. on the internet side, and eth1 is 10.1.1.2 on the LAN side.) We just added another machine, but it's running on a W2K3 Server that is behind the firewall on the local network @ 10.1.1.3. To complicate matters slightly, there is also a Squid server on the same machine. (This server and firewall will be split up, but not for some time yet.)
From outside of the network I can access the site running on 70.61.215.101 that DNATs to 10.1.1.3. From inside of the network it does forward the traffic to 70.61.215.101, but it does not further relay that to 10.1.1.3. I can have the locally running Apache service listen on that address and it answers requests from the inside, but it normally does not listen on that address. The site is running a product called Moveit and it uses SSL, so there would be a nag screen when the certificates are installed if we access it by its internal IP - which I am trying to avoid.
Is it possible to further route this traffic, avoiding the proxy server and mangling this up too bad?
I have attached the output of 'shorewall dump' to this message. Thanks everyone.
status.txt.gz
Description: application/gzip
