On Mon, 2011-07-25 at 16:21 +0200, Jose Maria Iranzo wrote:

> I attach to this mail my shorewall dump.

I see nothing wrong in your configuration. A couple of things:

a) Please allow ping from fw->net so your log isn't full of rejected
   ping requests. There have been 9 logged net->fw connection requests
   since Shorewall was restarted, but given the flood of REJECTed pings,
   we can't see what they were.

b) There have been no attempts to connect to your web server since
   Shorewall was last restarted:

   Chain net_dnat (2 references)
    pkts bytes target  prot opt in    out  source      destination
       0     0 DNAT    tcp  --  eth0  *    0.0.0.0/0   8x.xx.1x7.xx2   tcp dpt:80 to:192.168.0.252
    -------
       0     0 DNAT    tcp  --  eth0  *    0.0.0.0/0   8y.yy.2y1.yy6   tcp dpt:80 to:192.168.0.252
    -------

c) If, as you said in your previous email, requests are reaching the
   server (192.168.0.252), then your Shorewall configuration is correct!
   In that case, you should perform the troubleshooting steps outlined
   in FAQs 1a and 1b.

And if you run tcpdump on the firewall's DMZ interface (eth3), do you
see the server's SYN,ACK response?

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
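
The counter check from point b), as an added example that is not part of the original message: a shell function that reads `iptables -t nat -L <chain> -n -v` style output and reports which DNAT rules have never matched a packet. The names `dnat_hits` and `sample_listing`, and the sample listing itself (documentation-range addresses), are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarize per-rule packet counters for DNAT rules.
# Reads an `iptables -t nat -L <chain> -n -v` listing on stdin.
# dnat_hits is a hypothetical helper name, not a Shorewall command.
dnat_hits() {
    awk '
        # Columns: pkts bytes target prot opt in out source destination ...
        $3 == "DNAT" {
            dport = "?"; to = "?"
            # Match options follow the destination column.
            for (i = 10; i <= NF; i++) {
                if ($i ~ /^dpt:/) dport = substr($i, 5)
                if ($i ~ /^to:/)  to = substr($i, 4)
            }
            # A zero packet counter means no packet has matched this
            # rule since the counters were last reset (e.g. a restart).
            state = ($1 == "0") ? "NO-HITS" : "HIT"
            printf "%s %s:%s -> %s pkts=%s\n", state, $9, dport, to, $1
        }'
}

# Constructed sample listing: one rule never hit, one rule hit 14 times.
sample_listing() {
    cat <<'EOF'
Chain net_dnat (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       tcp  --  eth0   *       0.0.0.0/0            203.0.113.10         tcp dpt:80 to:192.168.0.252
   14   840 DNAT       tcp  --  eth0   *       0.0.0.0/0            203.0.113.11         tcp dpt:80 to:192.168.0.252
EOF
}

sample_listing | dnat_hits
```

On a live firewall, pipe `iptables -t nat -L net_dnat -n -v -x` into the function; `-x` prints exact counters rather than abbreviated ones. A NO-HITS line for the web server rule means the requests are not arriving on that address and port at all, so the problem lies upstream of the DNAT rule.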