I never set routing between them, but it previous work find.
I mean they can access one server by one public address.
I think I have to check policy and rules.
--- 2010年2月2日 星期二,Michael Weickel - iQom Business Services GmbH <m...@iqom.de>
寫道﹕
寄件人: Michael Weickel - iQom Business Services GmbH <m...@iqom.de>
主題: Re: [Shorewall-users] Suddenly DMZ can't access to internet
收件人: "'Shorewall Users'" <shorewall-users@lists.sourceforge.net>
日期: 2010年2月2日,星期二,下午7:25
If loc can access wan
this is because you have a default route (0.0.0.0/0) from loc clients to loc
interface and from firewall to wan-router (normally provided by your isp)
If loc can access dmz
this is either because dmz clients have a static route back to loc or a default
route to firewalls dmz interface (since loc has a default route there is no
need to describe the way to the dmz but a need to explain your dmz to return,
this can be done by static or default route)
If dmz has default route
to firewalls dmz interface than routing is fine. In this case I guess rules or
policy is wrong.
In internal can access
public ip (what do you mean? Public wan oder publc dmz?) this say nothing about
why dmz is not working.
Von: Wilson Kwok
[mailto:leiw...@yahoo.com.hk]
Gesendet: Dienstag, 2. Februar
2010 12:19
An: Shorewall Users
Betreff: Re: [Shorewall-users]
Suddenly DMZ can't access to internet
That's odd, internal can access one of public IP
....
--- 2010年2月2日
星期二,Michael Weickel - iQom Business Services
GmbH <m...@iqom.de> 寫道﹕
寄件人:
Michael Weickel - iQom Business Services GmbH <m...@iqom.de>
主題:
Re: [Shorewall-users] Suddenly DMZ can't access to internet
收件人:
"'Shorewall Users'" <shorewall-users@lists.sourceforge.net>
日期:
2010年2月2日,星期二,下午5:50
Either you maybe do only have a static route
between dmz clients and loc but no default route or maybe something is wrong
with your rules or policies.
Does your policy file logs all all drop and net
all drop? If yes, what do you see in your messages?
Cheers
Mike
Von: Wilson Kwok
[mailto:leiw...@yahoo.com.hk]
Gesendet: Dienstag, 2. Februar
2010 10:45
An:
shorewall-users@lists.sourceforge.net
Betreff: [Shorewall-users]
Suddenly DMZ can't access to internet
Hello
We are using old version ( shorewall-3.0.7-1) with Centos 5.3
The shorewall has three zones (net / loc / dmz).
Loc can access to internet with no problem and can access to DMZ.
DMZ can't access to internet.
Net can't access to DMZ with NAT.
I tried to restart the machine / check Lan card / check cable , they were
work find.
Is it DMZ Lan card problem? but it can start at Centos ...
Thanks !!
Yahoo!香港提供網上安全攻略,教你如何防範黑客!了解更多
-----內含下列附件-----
------------------------------------------------------------------------------
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
-----內含下列附件-----
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
Yahoo!香港提供網上安全攻略,教你如何防範黑客!了解更多
-----內含下列附件-----
------------------------------------------------------------------------------
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
-----內含下列附件-----
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
Yahoo!香港提供網上安全攻略,教你如何防範黑客! 請前往 http://hk.promo.yahoo.com/security/ 了解更多!------------------------------------------------------------------------------
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
