Hello colleagues,

I hope that someone can point me in the right direction here. I have been trying many options for weeks to sort this out. (Thank you for the excellent Shorewall documentation.)

In a nutshell, I can see network traffic coming into my DMZ from external to my site, but I don’t see it coming out.

Environment:
Debian 10.3 Stable
Xen 4.11.4-pre
Shorewall 5.2.3.2

I have four Debian 10.3 Stable VMs running. Everything has been working fine for several years with a single public IP connected to two externally facing VMs, with traffic redirected using DNAT. I recently obtained a /28 subnet of public IP addresses from my ISP to allow me to expand my web activities.
I’m having trouble getting network traffic returned from my DMZ VMs with these /28 subnet IP addresses. I have the same result whether I set my systems up using either:
My current configuration is configured as XEN Routed.

=====

I can get external network traffic returned from my servers under the current configuration if I:
=====

I have attached a shorewall dump below. For this test, I attempted to access the web site of one of my domains at http://www.foss4climate.org. This domain and site have not been launched and are just in a preliminary stage. This URL points to my reverse proxy server. I then redirect using https to a second webserver (www2 also a VM) that uses a private IP address. I tested from a laptop, external to my site’s network.
I hope that you can point me in the right direction.

Kind regards,
Bruce
shorewall_dump.tar.gz
Description: GNU Zip compressed data
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users