You mean DMZ should
all accept accept ?
--- 2010年2月2日 星期二,Michael Weickel - iQom Business Services GmbH <m...@iqom.de>
寫道﹕
寄件人: Michael Weickel - iQom Business Services GmbH <m...@iqom.de>
主題: Re: [Shorewall-users] Suddenly DMZ can't access to internet
收件人: "'Shorewall Users'" <shorewall-users@lists.sourceforge.net>
日期: 2010年2月2日,星期二,下午11:57
To know that it worked
before is a quite important comment.
However, I think if you
want to NAT from untrusted to dmz you should investigate rules.
Policies should not have
anything to do with it since this would globally open dmz for untrusted without
a chance to influence proto and port.
Von: Wilson Kwok
[mailto:leiw...@yahoo.com.hk]
Gesendet: Dienstag, 2. Februar
2010 16:50
An: Shorewall Users
Betreff: Re: [Shorewall-users]
Suddenly DMZ can't access to internet
I never set routing between them, but it previous
work find.
I mean they can access one server by one public address.
I think I have to check policy and rules.
--- 2010年2月2日
星期二,Michael Weickel - iQom Business Services
GmbH <m...@iqom.de> 寫道﹕
寄件人:
Michael Weickel - iQom Business Services GmbH <m...@iqom.de>
主題:
Re: [Shorewall-users] Suddenly DMZ can't access to internet
收件人:
"'Shorewall Users'" <shorewall-users@lists.sourceforge.net>
日期:
2010年2月2日,星期二,下午7:25
If loc can access wan this is because you have
a default route (0.0.0.0/0) from loc clients to loc interface and from
firewall to wan-router (normally provided by your isp)
If loc can access dmz this is either because
dmz clients have a static route back to loc or a default route to firewalls
dmz interface (since loc has a default route there is no need to describe the
way to the dmz but a need to explain your dmz to return, this can be done by
static or default route)
If dmz has default route to firewalls dmz
interface than routing is fine. In this case I guess rules or policy is
wrong.
In internal can access public ip (what do you
mean? Public wan oder publc dmz?) this say nothing about why dmz is not
working.
Von: Wilson Kwok
[mailto:leiw...@yahoo.com.hk]
Gesendet: Dienstag, 2. Februar
2010 12:19
An: Shorewall Users
Betreff: Re: [Shorewall-users]
Suddenly DMZ can't access to internet
That's
odd, internal can access one of public IP ....
--- 2010年2月2日
星期二,Michael Weickel - iQom Business
Services GmbH <m...@iqom.de>
寫道﹕
寄件人:
Michael Weickel - iQom Business Services GmbH <m...@iqom.de>
主題:
Re: [Shorewall-users] Suddenly DMZ can't access to internet
收件人:
"'Shorewall Users'" <shorewall-users@lists.sourceforge.net>
日期:
2010年2月2日,星期二,下午5:50
Either you maybe do only have a static
route between dmz clients and loc but no default route or maybe something
is wrong with your rules or policies.
Does your policy file logs all all
drop and net all drop? If yes, what do you see in your messages?
Cheers
Mike
Von: Wilson Kwok
[mailto:leiw...@yahoo.com.hk]
Gesendet: Dienstag, 2. Februar
2010 10:45
An:
shorewall-users@lists.sourceforge.net
Betreff: [Shorewall-users] Suddenly
DMZ can't access to internet
Hello
We are using old version ( shorewall-3.0.7-1) with Centos 5.3
The shorewall has three zones (net / loc / dmz).
Loc can access to internet with no problem and can access to DMZ.
DMZ can't access to internet.
Net can't access to DMZ with NAT.
I tried to restart the machine / check Lan card / check cable , they were
work find.
Is it DMZ Lan card problem? but it can start at Centos ...
Thanks !!
Yahoo!香港提供網上安全攻略,教你如何防範黑客!了解更多
-----內含下列附件-----
------------------------------------------------------------------------------
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the
business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
-----內含下列附件-----
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
Yahoo!香港提供網上安全攻略,教你如何防範黑客!了解更多
-----內含下列附件-----
------------------------------------------------------------------------------
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
-----內含下列附件-----
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
Yahoo!香港提供網上安全攻略,教你如何防範黑客!了解更多
-----內含下列附件-----
------------------------------------------------------------------------------
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
-----內含下列附件-----
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
Yahoo!香港提供網上安全攻略,教你如何防範黑客! 請前往 http://hk.promo.yahoo.com/security/ 了解更多!------------------------------------------------------------------------------
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
