Tom Eastep
2008-Jan-07 23:30 UTC
Re: FW: Help needed need to restart port redirectionand apply configuartion in shorewall for internal clients to see theweb pages via squid and dmz
Mahindra Patel wrote:> > -----Original Message----- > From: Mahindra Patel [mailto:mahindra@caseys.co.uk] > Sent: 07 January 2008 12:49 > To: Shorewall Users > Subject: RE: [Shorewall-users] Help needed need to restart port > redirectionand apply configuartion in shorewall for internal clients to > see theweb pages via squid and dmz > > > Dear Tom, > Enclosed is zip the startup and dump after the first port redirection > correction. > > The problem is at anytime shorwell is configured and configuaration applied > the port redirection to proxy does not work! > > i.e internal users cannot surf the web. > > To correct this issue I go in webmin squid module and go to port redirection > module in squid and just save the the redirection eth0. > > This then enables internal clients to access the web but then the internal > clients cannot connect to dmz via internal address 192.168.10.1 and > 192.168.10.2 > To correct this then requires another refresh application in the shorewall. > After that all is good. status dump2 final dump when all is good. > > Hope you can help.It looks to me like that, at some point, you did a ''shorewall save''. Now, when you reboot, the system is restoring the saved configuration rather than recompiling your current configuration and installing it. You can either: a) Be sure that you are running the correct (working) configuration and do another ''shorewall save''. Remember to ''shorewall save'' after each configuration change (do the ''save'' after you have verified that the configuration change is correct). If you take this approach, you should also install ''make'' on your firewall. That way, if the saved configuration is out of date (is older than some file in /etc/shorewall), Shorewall will recompile your configuration and install it during boot. or b) Execute the command ''shorewall forget''. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It''s the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace