Hi all!
Our Shorewall is configured with a separate interface and zone for DMZ
hosts.
$ zones
fw firewall
net ipv4
loc ipv4
dmz ipv4
$ interfaces
net eth0 detect tcpflags,nosmurfs,routefilter,optional
loc eth1 detect routeback,dhcp,tcpflags,routefilter
dmz eth2 detect routeback,tcpflags,routefilter
Suppose:
dmz is 10.0.0.0/24
loc is 192.168.0.0/24
DNAT rules allow reaching the DMZ from the loc and net zones using the
public IP address; these are working, e.g.:
DNAT loc,net dmz:10.0.0.1 tcp 80 - 1.2.3.4
DNAT dmz dmz:10.0.0.3 tcp 80 - 1.2.3.4
snat has an entry for the dmz zone:
$ snat
# SNAT(1.2.3.4) 10.0.0.0/24 eth0
We can reach the webserver without any issue using the public IP 1.2.3.4
from the loc and net zones, but not from the dmz itself
(the connection times out).
Also, a dmz host can surf any other net host, except its own public
IP address.
shorewall show log doesn't show anything interesting.
What am I missing?
Thanks to everybody!
Nick
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
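An added example, not from Nick's post and not Shorewall's own code, modelling why a DNAT hairpin from the DMZ can time out: it applies the post's DNAT rule and, optionally, a source NAT on DMZ-to-DMZ traffic, then checks whether the reply reaches the client with the address the client expects. The firewall's DMZ-side address 10.0.0.254 and the client hosts 10.0.0.5 and 192.168.0.10 are constructed for the example.

```python
"""Toy model of a hairpin (same-subnet) DNAT through a NAT firewall.

Constructed example: the public IP, DMZ subnet and web server come from the
post; the firewall's DMZ-side address and the client hosts are assumed.
"""
import ipaddress

DMZ_NET = ipaddress.ip_network("10.0.0.0/24")
PUBLIC_IP = "1.2.3.4"        # public address from the post
WEB_SERVER = "10.0.0.3"      # DNAT target from the post's rule
FW_DMZ_ADDR = "10.0.0.254"   # assumed: firewall's own address on eth2


def in_dmz(ip):
    return ipaddress.ip_address(ip) in DMZ_NET


def firewall_forward(pkt, hairpin_snat):
    """Apply the DNAT rule, plus a source NAT on DMZ-to-DMZ traffic if hairpin_snat."""
    pkt = dict(pkt)
    if pkt["dst"] == PUBLIC_IP and pkt["dport"] == 80:
        pkt["dst"] = WEB_SERVER          # DNAT 1.2.3.4:80 -> 10.0.0.3
    if hairpin_snat and in_dmz(pkt["src"]) and in_dmz(pkt["dst"]):
        pkt["src"] = FW_DMZ_ADDR         # force the reply back through the firewall
    return pkt


def server_reply(pkt):
    """The server answers whatever source it saw, swapping the 4-tuple."""
    return {"src": pkt["dst"], "sport": pkt["dport"], "dst": pkt["src"], "dport": pkt["sport"]}


def hairpin_connect(client, hairpin_snat):
    """Return True if the client receives a reply matching the connection it opened."""
    syn = {"src": client, "sport": 40000, "dst": PUBLIC_IP, "dport": 80}
    reply = server_reply(firewall_forward(syn, hairpin_snat))
    # The reply only crosses the firewall (and its conntrack reverse mapping) if it
    # is routed there: addressed to the firewall itself, or destined outside the
    # DMZ. A DMZ client on the same subnet is reached directly, bypassing NAT.
    if reply["dst"] == FW_DMZ_ADDR or not in_dmz(reply["dst"]):
        reply = {"src": PUBLIC_IP, "sport": 80, "dst": client, "dport": syn["sport"]}
    expected = (PUBLIC_IP, 80, client, syn["sport"])
    return (reply["src"], reply["sport"], reply["dst"], reply["dport"]) == expected


if __name__ == "__main__":
    for client, snat in [("192.168.0.10", False), ("10.0.0.5", False), ("10.0.0.5", True)]:
        status = "ok" if hairpin_connect(client, snat) else "TIMEOUT"
        print(f"client {client:13} hairpin SNAT={snat!s:5} -> {status}")
```

Without the source NAT the web server answers the DMZ client directly from 10.0.0.3, so the client never sees a reply from 1.2.3.4 for the connection it opened; the loc client works because its reply has to route back through the firewall.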