Hi, I installed a new soekris running Shorewall. 3 interfaces are active (eth0 = loc, eth1 = net, eth2 = dmz). I want to run a mailserver (pop3, pop3s, imap, imaps, smtp, http, https) in the dmz zone. The server IP = 192.168.40.52, and a webserver with IP 192.168.40.51. I used the 3 interfaces and almost everything is working fine. I can ssh to the server in the DMZ, I can browse the internet from loc, I can update the soekris ($fw). The only problem is connecting to the webserver and mailserver from the internet. I use a remote server for testing.

my policy =

loc   dmz   ACCEPT   info
loc   $FW   ACCEPT   info
loc   all   ACCEPT   info
$FW   net   ACCEPT   info
$FW   dmz   REJECT   info
$FW   loc   REJECT   info
$FW   all   REJECT   info
dmz   net   ACCEPT   info
dmz   $FW   ACCEPT   info
dmz   loc   ACCEPT   info
dmz   all   ACCEPT   info
net   dmz   DROP     info
net   $FW   DROP     info
net   loc   DROP     info
net   all   DROP     info
all   all   REJECT   info

my rules =

DNS/ACCEPT    $FW   net
SSH/ACCEPT    loc   $FW
SSH/ACCEPT    loc   dmz
DNS/ACCEPT    dmz   net
Ping/DROP     net   $FW
Ping/ACCEPT   loc   $FW
Ping/ACCEPT   dmz   $FW
Ping/ACCEPT   loc   dmz
Ping/ACCEPT   dmz   loc
Ping/ACCEPT   dmz   net
ACCEPT        $FW   net   icmp
ACCEPT        $FW   loc   icmp
ACCEPT        $FW   dmz   icmp
Web/ACCEPT    loc   $FW   (a minimal webserver on the soekris, is working fine)
SMB/ACCEPT    loc   $FW   (samba running on soekris, running fine)
SMTP/DNAT     net   dmz:192.168.40.52   tcp   25     25     (192.168.40.52 = mailserver zimbra)
POP3/DNAT     net   dmz:192.168.40.52   tcp   110    110
POP3S/DNAT    net   dmz:192.168.40.52   tcp   995    995
IMAP/DNAT     net   dmz:192.168.40.52   tcp   143    143
IMAPS/DNAT    net   dmz:192.168.40.52   tcp   993    993
Web/DNAT      net   dmz:192.168.40.51   tcp   80     80     (192.168.40.51 = webserver)
HTTPS/DNAT    net   dmz:192.168.40.51   tcp   443    443
DNAT          net   dmz:192.168.40.52   tcp   7071   7071   (mailserver zimbra admin port)

Some rules will be closed after successful testing.

What am I doing wrong? An NMAP scan (from the remote server) only reveals that port 22 is open, no other ports, while all stated ports should answer.

Thx
Erwin

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
