Andreas Bittner
2002-Aug-21 23:50 UTC
[Shorewall-users] can't access server in proxy-arped dmz from $FW but works ok from loc and net...
Hi all, me again.

What am I doing wrong? I have set up the proxy-arped dmz zone all right. It pings fine from loc and net, and also connects all right to my proxy-arped (with public IP) mailserver in the dmz. I want to try to telnet to it directly from the Linux firewall box ($FW), but it never answers me, although I can ping it from the $FW box.

/var/log/messages doesn't display any errors or attempts/denies when I try to telnet to the smtp or pop3 port, so what am I doing wrong? I even tried to explicitly accept $FW dmz:publicip tcp smtp in /etc/shorewall/rules, but it still doesn't work. I even tried accept $FW dmz all - and also with a policy to allow FW complete access to DMZ...

I also have a question regarding the documentation. In the shorewall examples and your config files, sometimes you write just "fw" for the fw zone, and sometimes you state "$FW", but the rules explanation states it should always be $FW. I also found some confusion with DENY and DROP in some configuration file: on the website you say the one, in the config file explanation you say the other.

Anyway, I don't get why a direct telnet publicipofmysmtpserverinthedmz 25 doesn't work when started directly on the $FW box itself. Anyone any ideas?

Thanks again and cheers,
Andy