Hi All, here is my setup:
RH: 9.0, Kernel: 2.4.20-8, Shorewall: 1.4.6a
Zones:
net Net
loc Local => 192.168.168.0/24
dmz DMZ => 10.10.10.0/24
Interfaces:
net eth0 detect dhcp,routefilter,norfc1918
loc eth1 detect
dmz eth2 detect
Policy:
loc net ACCEPT
fw net ACCEPT
dmz net ACCEPT
net all DROP info
all all REJECT info
Proxyarp:
65.217.69.69 eth2 eth0 No
65.217.69.70 eth2 eth0 No
Rules:
ACCEPT fw net tcp 53
ACCEPT fw net udp 53
ACCEPT loc fw tcp 22
ACCEPT loc dmz tcp 22
ACCEPT dmz net tcp 53
ACCEPT dmz net udp 53
ACCEPT net fw icmp 8
ACCEPT loc fw icmp 8
ACCEPT dmz fw icmp 8
ACCEPT loc dmz icmp 8
ACCEPT dmz loc icmp 8
ACCEPT dmz net icmp 8
ACCEPT fw loc icmp 8
ACCEPT fw dmz icmp 8
ACCEPT net dmz icmp 8 # Only with Proxy ARP and
ACCEPT net dmz tcp 80 => This is the only line that I added to the original Three Interface files
Questions:
I am not able to open the web pages from web servers running in DMZ
(10.10.10.2 and 10.10.10.3), but when I ping 65.217.69.69 or
65.217.69.70 from the Internet, I get a reply.
How does Shorewall direct http requests from Internet to the DMZ, with
computers in DMZ having IP addresses 10.10.10.2 and 10.10.10.3? How does it
know if the request is for 65.217.69.69 or 65.217.69.70?
What is missing to reach the web servers in DMZ?
Your help is highly appreciated... thanks in advance!!
DK