On 30/01/2016 17:55, Jeremy Baker wrote:
> [...] Do your web servers resolve to the local address, or your
> external address from within your network? [...]

I would also add that:

- _IF_ you are _NOT_ NATting from LOC to DMZ.... and
- _IF_ the Default-GW configured in your DMZ-Server is the router
connected in the NET zone... and
- _IF_ the router is correctly configured with a static-route so as to reach
LOC clients via the Shorewall-FW gateway

_THEN_

- you can simply solve your problem by _ADDING_ a static route on the
DMZ-server so as to reach the LOC-network directly via the Shorewall-GW


Without the last static-route, when clients in LOC send packets to
DMZ-Server, you're getting asymmetric routing:


=> From LOC to DMZ:  LOC-client -> Shorewall-GW -> DMZ-server
=> From DMZ to LOC:  DMZ-server -> DEF-GW on NET -> Shorewall-GW -> LOC-client

and the "DEF-GW on NET" probably requires some authentication to
forward traffic. That's why you are getting authentication forms popping up.

By adding the static route, you avoid such a hop and traffic flows
symmetrically in both directions.

HTH.

Bye,
DV


-- 
Damiano Verzulli
e-mail: dami...@verzulli.it
---
possible?ok:while(!possible){open_mindedness++}
---
"Technical people tend to fall into two categories: Specialists
and Generalists. The Specialist learns more and more about a
narrower and narrower field, until he eventually, in the limit,
knows everything about nothing. The Generalist learns less and
less about a wider and wider field, until eventually he knows
nothing about everything." - William Stucke - AfrISPA
  http://elists.isoc.org/mailman/private/pubsoft/2007-December/001935.html
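
The asymmetric path described in the message above, modelled as an added example that is not part of the original e-mail. The subnets, host addresses and node names are constructed assumptions; the model follows next hops by longest-prefix match and compares the two directions before and after the static route is added on the DMZ server.

```python
import ipaddress

# Constructed addressing (assumption, not taken from the original message).
LOC_NET, DMZ_NET = "192.168.1.0/24", "192.168.2.0/24"
ADDR = {"loc-client": "192.168.1.10", "dmz-server": "192.168.2.10"}

def base_tables():
    """Per-node routing tables: prefix -> next hop ('direct' = on-link delivery)."""
    return {
        "loc-client": {LOC_NET: "direct", "0.0.0.0/0": "shorewall-gw"},
        "shorewall-gw": {LOC_NET: "direct", DMZ_NET: "direct", "0.0.0.0/0": "def-gw"},
        # The router in NET already has a static route to LOC via the firewall.
        "def-gw": {LOC_NET: "shorewall-gw"},
        # The DMZ server only knows its own subnet and the default gateway.
        "dmz-server": {DMZ_NET: "direct", "0.0.0.0/0": "def-gw"},
    }

def with_static_route(tables):
    """Copy of the tables with the LOC route added on the DMZ server."""
    fixed = {node: dict(table) for node, table in tables.items()}
    fixed["dmz-server"][LOC_NET] = "shorewall-gw"
    return fixed

def next_hop(table, dst):
    """Longest-prefix match of dst against one routing table."""
    ip = ipaddress.ip_address(dst)
    matches = [n for n in map(ipaddress.ip_network, table) if ip in n]
    if not matches:
        raise LookupError(f"no route to {dst}")
    return table[str(max(matches, key=lambda n: n.prefixlen))]

def trace(tables, src, dst):
    """List of nodes a packet from src to dst passes through."""
    path, node = [src], src
    while True:
        hop = next_hop(tables[node], ADDR[dst])
        if hop == "direct":
            return path + [dst]
        if hop in path:
            raise RuntimeError("routing loop at " + hop)
        path.append(hop)
        node = hop

def is_symmetric(tables, a, b):
    """True when the return path is the forward path reversed."""
    return trace(tables, a, b) == trace(tables, b, a)[::-1]

if __name__ == "__main__":
    for label, t in (("before", base_tables()), ("after", with_static_route(base_tables()))):
        print(label, trace(t, "loc-client", "dmz-server"),
              trace(t, "dmz-server", "loc-client"), is_symmetric(t, "loc-client", "dmz-server"))
```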
