Shorewall users - Feb 2006 - AllowWeb does not allow connection from LAN to firewall

I am running shorewall 2.4.6
on my desktop "alfred".
I am also running httpd on alfred.
I am using the standard "two-interfaces" setup,
except that I have added two lines to /etc/shorewall/rules :
	AllowWeb        loc     fw
	AllowWeb        net     fw

The first works; I can access my web-server from an external system.
But the second does not work;
I cannot access my web-server from the laptop "martha" on my little
LAN.
(In fact I cannot access my web-server from any local machine.)
I get the message 
"The connection was refused when attempting to contact alfred"
and "nmap -p 80 alfred" shows that the port is closed.

Have I misunderstood something about AllowWeb ?

Any suggestions or advice gratefully received.
I''ve taken the liberty of attaching the file status.txt.gz
obtained by running "/sbin/shorewall status".

-- 
Timothy Murphy  
e-mail (<80k only): tim /at/ birdsnest.maths.tcd.ie
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland

On Wednesday 08 February 2006 06:06, Timothy Murphy wrote:
> Any suggestions or advice gratefully received.
a) "shorewall clear"
b) Try to connect to your web server from the local lan

If b) is successful, then the problem is in your Shorewall configuration (I 
very much doubt that since your configuration looks correct). If b) is not 
successful then your problem has absolutely nothing to do with Shorewall 
(which is my bet).

Be sure to "shorewall start" after the test.

Once you''ve eliminated Shorewall, it should be pretty easy to
understand why
your web server is rejecting requests from the local lan.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key


-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642

On Wednesday 08 February 2006 15:12, Tom Eastep wrote:
> a) "shorewall clear"
> b) Try to connect to your web server from the local lan
>
> If b) is successful, then the problem is in your Shorewall configuration (I
> very much doubt that since your configuration looks correct). If b) is not
> successful then your problem has absolutely nothing to do with Shorewall
> (which is my bet).
Thank you very much.
As you predicted, "shorewall clear" did not solve the problem.
So I must look elsewhere for the solution ...

-- 
Timothy Murphy  
e-mail (<80k only): tim /at/ birdsnest.maths.tcd.ie
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland


-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642

On Wednesday 08 February 2006 23:02, Timothy Murphy
wrote:
> On Wednesday 08 February 2006 15:12, Tom Eastep wrote:
> > a) "shorewall clear"
> > b) Try to connect to your web server from the local lan
> >
> > If b) is successful, then the problem is in your Shorewall
configuration
> > (I very much doubt that since your configuration looks correct). If b)
is
> > not successful then your problem has absolutely nothing to do with
> > Shorewall (which is my bet).
>
> Thank you very much.
> As you predicted, "shorewall clear" did not solve the problem.
> So I must look elsewhere for the solution ...
And I found it, in the bowels of httpd -
thank you again,
and apologies for thinking shorewall might be the culprit.


-- 
Timothy Murphy  
e-mail (<80k only): tim /at/ birdsnest.maths.tcd.ie
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland


-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642