On Tue, 26 Oct 2021 07:49:25 +0000 "Nicola Ferrari (#554252)" <nick-li...@posteo.eu> wrote:
> We can reach webserver without any issue using public ip 1.2.3.4 from
> loc and net zone, but not from dmz itself.
> (Connection goes timeout)
>
> Also, dmz host can surf any other net host, except from its own
> public ip address.
>
> shorewall show log doesn't show anything interesting..
>
> What am I missing?

https://shorewall.org/FAQ.htm#faq2

Because you likely have a limited number of servers in dmz, you can give
your names proper internal addresses by setting their real (not public)
addresses in /etc/hosts on all servers so that packets won't go to
firewall.

-- 
Tuomo Soini <t...@foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <https://foobar.fi/>
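
An added example, not part of the original message: a small check for the /etc/hosts approach suggested above. It reports, for each DMZ server name, whether the hosts file maps it to an internal address, still maps it to the public one, or omits it (so lookups fall through to DNS and traffic goes back to the firewall). The host names, the 192.168.2.x addresses and the sample hosts text are constructed assumptions; only 1.2.3.4 comes from the thread.

```python
import ipaddress

# Constructed sample input (assumption): what /etc/hosts might look like
# on one DMZ server after a partial edit.
SAMPLE_HOSTS = """\
127.0.0.1      localhost
# DMZ servers by their real addresses
192.168.2.10   www.example.com www
1.2.3.4        mail.example.com    # still the public address
"""
PUBLIC_IP = "1.2.3.4"  # public address from the question
DMZ_NAMES = ["www.example.com", "mail.example.com", "ftp.example.com"]  # hypothetical


def parse_hosts(text):
    """Map each name to its first listed address (first match wins)."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # skip malformed lines
        for name in fields[1:]:
            table.setdefault(name.lower(), addr)
    return table


def audit(text, names, public_ip):
    """Classify each name as 'internal', 'public' or 'missing'."""
    table = parse_hosts(text)
    public = ipaddress.ip_address(public_ip)
    result = {}
    for name in names:
        addr = table.get(name.lower())
        if addr is None:
            result[name] = "missing"   # resolved via DNS, packets hit the firewall
        elif addr == public or not addr.is_private:
            result[name] = "public"    # entry exists but does not avoid the firewall
        else:
            result[name] = "internal"  # traffic stays inside the dmz
    return result


if __name__ == "__main__":
    for name, status in audit(SAMPLE_HOSTS, DMZ_NAMES, PUBLIC_IP).items():
        print(f"{name}: {status}")
```

To check a real server, pass the contents of its /etc/hosts as the first argument instead of the sample text.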