Re: [Shorewall-users] rule for allowing users in LOC zone to the websites running in DMZ zone

Sat, 30 Jan 2016 09:34:06 -0800 

On 01/30/2016 08:55 AM, Jeremy Baker wrote:
> On 01/30/2016 11:39 AM, Tom Eastep wrote:
>> On 01/29/2016 10:55 PM, Zenny wrote:
>>> On 1/30/16, Tom Eastep <teas...@shorewall.net> wrote:
>>>> On 1/29/2016 10:58 AM, Zenny wrote:
>>>>> Hi,
>>>>>
>>>>> I am using 3-interface shorewall and working very well. However, I
>>>>> could not figure out how can the users in LOC zone access the websites
>>>>> running in DMZ zone?
>>>>>
>>>>> Appending:
>>>>>
>>>>> Web(ACCEPT)  loc    dmz:192.168.10.111
>>>>>
>>>>> to rules didn'd do as expected. Instead, trying to access the websites
>>>>> running in DMZ zone opens the login page of the modem in bridge mode.
>>>>> However, one can access the site outside of the Net.
>>>>>
>>>> Please forward the output of 'shorewall dump' collected as described at
>>>> http://www.shoreawll.net/support.htm#Guidelines.
>>>
>>> Please find attached the dump output for your perusal.
>>>
>> Looks to me like
>>
>>      Web(ACCEPT)     loc     dmz:192.168.7.108
>>
>> should do the job.
>>
>> If it doesn't, leave that rule in place and:
>>
>> - shorewall reset (resets all of the packet and byte counters)
>> - try to access the web server from the local zone
>> - capture another dump

> Do you web servers resolve to the local address, or your external
> address from within your network?  I have my dns set to give me my
> private local address when lan clients ask to resolve my website ip.
> 

Good point, Jeremy.

Zenny -- if DNS resolves to the external ip, then you will need

        Web(DNAT)       loc     dmz:192.168.7.108 - - - <external ip>

See Shorewall FAQ 2.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

Attachment: signature.asc
Description: OpenPGP digital signature

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to