-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Il 30/01/2016 17:55, Jeremy Baker ha scritto: > [...] Do you web servers resolve to the local address, or your > external address from within your network? [...]
I would also add that: - - _IF_ you are _NOT_ NATting from LOC to DMZ.... and - - _IF_ the Default-GW configured in your DMZ-Server is the router connected in the NET zone... and - - _IF_ the router is correctly configured with a static-route so to reach LOC clients via the Shorewall-FW gateway _THEN_ - - you can simply solve your problem by _ADDING_ a static route on the DMZ-server so to reach the LOC-network directly via the Shorewall-GW Without the last static-route, when clients in LOC send packets to DMZ-Server, you're getting asymmetric routing: => From LOC to DMZ: LOC-client -> Shorewall-GW -> DMZ-server => From DMZ to LOC: DMZ-server -> DEF-GW on NET -> Shorewall-GW -> LOC-client and the the "DEF-GW on NET", probably, require some authentication to forward traffic. That's why you are popped-up with authentication forms. By adding the static route, you avoid such HOP and traffic flows simmetrically in both directions. HTH. Bye, DV - -- Damiano Verzulli e-mail: dami...@verzulli.it - --- possible?ok:while(!possible){open_mindedness++} - --- "Technical people tend to fall into two categories: Specialists and Generalists. The Specialist learns more and more about a narrower and narrower field, until he eventually, in the limit, knows everything about nothing. The Generalist learns less and less about a wider and wider field, until eventually he knows nothing about everything." - William Stucke - AfrISPA http://elists.isoc.org/mailman/private/pubsoft/2007-December/001935.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (GNU/Linux) iEYEARECAAYFAlat0SUACgkQcwT9fsMT4SwqYACeNkMLp1kVtUNjxt2wJswrlx5G 6wcAn3axw9QIWMd9181ALurftVRczdmt =HKGt -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140 _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users