On Sun, 20 Dec 2009 23:40:54 +0530 ericdes <[email protected]> wrote:
> Hello,
>
> I'm facing this strange situation when I apply these rules:
>
> ACCEPT net fw tcp 22,80 -
> DNAT net dmz:10.0.0.4 tcp 22,80 - 94.23.242.44
> ACCEPT net fw tcp 1022 - - 6/min:5
>
> My set up is a demilitarized zone where I put some KVM guests.
>
> I can ssh from the world to 94.23.242.44 (or from the host to
> 10.0.0.4), but I'm getting these responses when trying to connect to
> port 80:
>
> telnet 94.23.242.44 80
> Trying 94.23.242.44...
> telnet: connect to address 94.23.242.44: No route to host
>
> telnet 10.0.0.4 80
> Trying 10.0.0.4...
> telnet: Unable to connect to remote host: No route to host
>
> I also tried some other ports like ftp but I can only make ssh work.

Try running tcpdump on the DMZ interface (bridge) while you try to connect.
What do you see?

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
