Hi all,
maybe stupid, but how can I open port 80 (www) for my server staying
in the dmz zone?
My config is as follows:
------------------modem adsl (ppp0)---------
| |
| router/shorewall
server in dmz |
LAN
as explained in :
http://www.shorewall.net/three-interface_fr.html
There is no firewall or proxy running on the server.
The router runs shorewall/proxy(squid) on a debian system.
What can I do to give access from the net to my server?
Thanks for the help.
best regards
mess-mate
--
There is no distinctly native American criminal class except Congress.
-- Mark Twain
mess-mate wrote:
> Hi all,
> maybe stupid, but how can I open port 80 (www) for my server staying
> in the dmz zone?
> My config is as follows:
>
> ------------------modem adsl (ppp0)---------
> | |
> | router/shorewall
> server in dmz |
> LAN
>
> as explained in :
> http://www.shorewall.net/three-interface_fr.html
>
> There is no firewall or proxy running on the server.
> The router runs shorewall/proxy(squid) on a debian system.
>
> What can I do to give access from the net to my server?

From your ASCII art, we can't really tell what your network topology is --
from the diagram, it looks like the server in the DMZ isn't even behind
Shorewall but connected directly to the modem!

If you really have the three-interface configuration, then of course you
simply follow "Exemple 1" in http://www.shorewall.net/three-interface_fr.html.

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA    \ teastep@shorewall.net
PGP Public Key    \ https://lists.shorewall.net/teastep.pgp.key
Tom Eastep <teastep@shorewall.net> wrote:
| mess-mate wrote:
| > Hi all,
| > maybe stupid, but how can I open port 80 (www) for my server staying
| > in the dmz zone?
| > My config is as follows:
| >
| > ------------------modem adsl (ppp0)---(dynamic IP)
|
modem ( 192.168.1.254)
| (192.168.1.0 netw)
----------router/shorewall---(192.168.1.1 IP)
| |
server in dmz (192.168.100.0 netw) LAN ( 192.168.50.0 network)
+ wifi in the same network
| From your ASCII art, we can't really tell what your network topology is --
| from the diagram, it looks like the server in the DMZ isn't even behind
| Shorewall but connected directly to the modem!
|
| If you really have the three-interface configuration, then of course you
| simply follow "Exemple 1" in http://www.shorewall.net/three-interface_fr.html.
|
Thanks for the reply Tom,
I modified my diagram; the dmz and lan zones are both behind the
firewall. The LAN zone is composed of a wired part and a wifi part.
The dmz zone has only 1 server.
I'm connected to the internet with pppoe and had to create a pppoe
zone and a modem zone. PPPOE has a dynamic IP and the modem
192.168.1.1.
I really followed the three-interface setup and can connect to the
internet with the wired lan and the dmz machine.
Can't connect to internet with the wifi part on the lan zone and
nobody can connect from outside (internet) to my server in the dmz
zone.
I set up, as explained, a DNAT loc dmz:192.168.100.1 tcp 80 $ETH0_IP
and the params for testing purposes to access the webpages on the dmz
machine. It doesn't work either.
To sum up: what works is connecting to the internet from the wired lan and
the dmz and retrieving my messages from my ISP.
Everything else doesn't work.
best regards
mess-mate
--
Familiarity breeds contempt -- and children.
-- Mark Twain
mess-mate wrote:
> I really followed the three-interface setup and can connect to the
> internet with the wired lan and the dmz machine.
> Can't connect to internet with the wifi part on the lan zone and
> nobody can connect from outside (internet) to my server in the dmz
> zone.
>
> I set up, as explained, a DNAT loc dmz:192.168.100.1 tcp 80 $ETH0_IP
> and the params for testing purposes to access the webpages on the dmz
> machine. It doesn't work either.
>
> To sum up: what works is connecting to the internet from the wired lan and
> the dmz and retrieving my messages from my ISP.
> Everything else doesn't work.
>

"it doesn't work" is a complaint, not a problem report.

Please:

a) Attempt to troubleshoot the problems using the Shorewall
Troubleshooting Guide (http://www.shorewall.net/troubleshoot.htm).

b) DNAT problems can be analyzed using tips in Shorewall FAQs 1a and 1b.

c) If you are still stuck, please submit a complete problem report as
described at http://www.shorewall.net/support.htm#Guidelines.

Thanks,
-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA    \ teastep@shorewall.net
PGP Public Key    \ https://lists.shorewall.net/teastep.pgp.key
Tom Eastep <teastep@shorewall.net> wrote:
| mess-mate wrote:
|
| > I really followed the three-interface setup and can connect to the
| > internet with the wired lan and the dmz machine.
| > Can't connect to internet with the wifi part on the lan zone and
| > nobody can connect from outside (internet) to my server in the dmz
| > zone.
| >
| > I set up, as explained, a DNAT loc dmz:192.168.100.1 tcp 80 $ETH0_IP
| > and the params for testing purposes to access the webpages on the dmz
| > machine. It doesn't work either.
| >
| > To sum up: what works is connecting to the internet from the wired lan and
| > the dmz and retrieving my messages from my ISP.
| > Everything else doesn't work.
| >
|
| "it doesn't work" is a complaint, not a problem report.
|
| Please:
|
| a) Attempt to troubleshoot the problems using the Shorewall
| Troubleshooting Guide (http://www.shorewall.net/troubleshoot.htm).
|
| b) DNAT problems can be analyzed using tips in Shorewall FAQs 1a and 1b.
|
| c) If you are still stuck, please submit a complete problem report as
| described at http://www.shorewall.net/support.htm#Guidelines.
|
Thanks, I found in the *.pdf file the way to get the dmz working.
Everything works fine now, except the DNAT with $ETH0_IP.
best regards
mess-mate
--
You have the body of a 19 year old. Please return it before it gets
wrinkled.
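Added example, not part of the thread and not Shorewall's own code: a small Python check of how a DNAT line in /etc/shorewall/rules falls into columns, run on the rule quoted in the messages above. It assumes the rules-file column order ACTION, SOURCE, DEST, PROTO, DEST PORT(S), SOURCE PORT(S), ORIGINAL DEST; the Internet zone name `net` and all function names are assumptions.

```python
import re

# Column order of /etc/shorewall/rules through ORIGINAL DEST.
COLUMNS = ("ACTION", "SOURCE", "DEST", "PROTO", "DPORT", "SPORT", "ORIGDEST")
# A port column holds "-", or a comma list of ports, service names or lo:hi ranges.
PORT_SPEC = re.compile(r"^(-|[\w-]+(:[\w-]+)?(,[\w-]+(:[\w-]+)?)*)$")


def parse_rule(line):
    """Split a rules line into named columns; omitted trailing columns become '-'."""
    fields = line.split("#", 1)[0].split()
    fields += ["-"] * (len(COLUMNS) - len(fields))
    return dict(zip(COLUMNS, fields))


def lint_dnat(line, internet_zone="net"):
    """Return findings for one DNAT rule meant to publish a DMZ server."""
    rule = parse_rule(line)
    findings = []
    if not rule["ACTION"].startswith("DNAT"):
        return findings
    if not PORT_SPEC.match(rule["SPORT"]):
        findings.append(f"SOURCE PORT(S) holds {rule['SPORT']!r}, which is not a port; "
                        "ORIGINAL DEST is the seventh column, so put '-' before it")
    source_zone = rule["SOURCE"].split(":", 1)[0]
    if source_zone != internet_zone:
        findings.append(f"SOURCE zone is {source_zone!r}: the rule forwards only "
                        f"connections from that zone, not from {internet_zone!r}")
    return findings


# Rule as typed in the message above (sample input copied from the thread).
AS_POSTED = "DNAT loc dmz:192.168.100.1 tcp 80 $ETH0_IP"
# Same rule with '-' filling the source-port column.
WITH_DASH = "DNAT loc dmz:192.168.100.1 tcp 80 - $ETH0_IP"
# Rule for clients on the Internet; the zone name 'net' is an assumption.
FROM_NET = "DNAT net dmz:192.168.100.1 tcp 80"

if __name__ == "__main__":
    for rule_line in (AS_POSTED, WITH_DASH, FROM_NET):
        print(rule_line)
        for finding in lint_dnat(rule_line) or ["ok"]:
            print("   ", finding)
```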