thr3ads.net - Shorewall users - Problems described in (FAQ 2) if I insist on an IP solution to the accessibility problem rather than a DNS solution still persist. (series of Can''t connect from LAN to DNAT www server) [Mar 2004]

If this information is useful, please help other people find it:
Share via:

Varga Pavol

2004-Mar-15 19:58 UTC

Problems described in (FAQ 2) if I insist on an IP solution to the accessibility problem rather than a DNS solution still persist. (series of Can''t connect from LAN to DNAT www server)

Hi,
> a) What results do you see when you try to connect.
Looking up 192.168.1.10 first
Looking up 192.168.1.10
Making HTTP connection to 192.168.1.10
Sending HTTP request.
HTTP request sent; waiting for response.
HTTP/1.1 302 Object moved
''A''lways allowing from domain
''192.168.1.10''.
Data transfer complete
HTTP/1.1 302 Object moved
Looking up www.dashofer.sk
Making HTTP connection to www.dashofer.sk
Alert!: Unable to connect to remote host.

# shorewall version
1.4.8

# ip addr show
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:02:b3:a3:64:63 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.20/24 brd 192.168.1.255 scope global eth0
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:04:e2:24:ef:08 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.1/24 brd 192.168.0.255 scope global eth1
4: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:50:04:4b:66:54 brd ff:ff:ff:ff:ff:ff
    inet 217.118.104.9/29 brd 217.118.104.15 scope global eth2

# ip route show
217.118.104.8/29 dev eth2  scope link
192.168.1.0/24 dev eth0  scope link
192.168.0.0/24 dev eth1  scope link
127.0.0.0/8 dev lo  scope link
default via 217.118.104.10 dev eth2

I installed Shorewall with using Two-interface QuickStart guide.   

Regards,
Palo.
 <<status.txt>>  <<policy>>  <<rules>>

Tom Eastep

2004-Mar-15 20:06 UTC

head link

Re: Problems described in (FAQ 2) if I insist on an IP solution to the accessibility problem rather than a DNS solution still persist. (series of Can''t connect from LAN to DNAT www serve

On Mon, 15 Mar 2004, Varga Pavol wrote:
> Hi,
>
> > a) What results do you see when you try to connect.
>
> Looking up 192.168.1.10 first
> Looking up 192.168.1.10
> Making HTTP connection to 192.168.1.10
> Sending HTTP request.
> HTTP request sent; waiting for response.
> HTTP/1.1 302 Object moved
> ''A''lways allowing from domain
''192.168.1.10''.
> Data transfer complete
> HTTP/1.1 302 Object moved
> Looking up www.dashofer.sk
> Making HTTP connection to www.dashofer.sk
> Alert!: Unable to connect to remote host.
>
Your REDIRECT rule for your proxy is masking your DNAT rule. Reverse the
order of these rules.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

Shorewall users - Mar 2004 - Problems described in (FAQ 2) if I insist on an IP solution to the accessibility problem rather than a DNS solution still persist. (series of Can''t connect from LAN to DNAT www server)

Problems described in (FAQ 2) if I insist on an IP solution to the accessibility problem rather than a DNS solution still persist. (series of Can''t connect from LAN to DNAT www server)

Re: Problems described in (FAQ 2) if I insist on an IP solution to the accessibility problem rather than a DNS solution still persist. (series of Can''t connect from LAN to DNAT www serve