> -----Original Message-----
> From: Gar Nelson [mailto:Gar.Nelson@noaa.gov]
> Sent: Friday, February 15, 2002 5:12 PM
> To: shorewall-users@shorewall.net
> Subject: [Shorewall-users] missing something on loc2net
>
>
> Enclosed is my params file. I'm using Shorewall 1.2.6 and
> the templates for "three-interfaces". The net is on eth0,
> my local users on eth1, and two machines are on the DMZ on
> eth2, one for web services, one for ftp services.
>
> Basically, what I want to do is;
>
> net2fw  -> none             fw2net -> none
> net2loc -> none             fw2dmz -> none
> net2dmz -> ftp and http/s   fw2loc -> none
>
> dmz2net -> ftp,ssh,dns      loc2net -> everything
> dmz2fw  -> none             loc2fw  -> ssh
> dmz2loc -> none             loc2dmz -> ssh
>
> I don't have the machine set up to test out the web function,
> but the machine that is doing ftp and ssh seems to be working.
> From the local network I can ssh into the firewall machine and
> the dmz ftp server. What I can't seem to do is browse the web
> from a local machine.
>
> Any idea what I'm missing? The "params" file is the only one
> I've changed from the "three-interfaces" templates.
>
> Thanks for any points in the right direction.
> Gar
Personally, I have not tried any of the example files, but I do run a 3
interface system that I configured from scratch. Anyway, the following
commands have always helped me with debugging my shorewall config files.
As root:
shorewall show loc2net
shorewall show net2loc
shorewall show loc2dmz
shorewall show dmz2loc
shorewall show fw2net
shorewall show net2fw
shorewall show nat
etc...
Basically, specify the two zone names separated by a "2". BTW: Your firewall
is also a zone known as "fw". i.e. fw2net, fw2dmz, fw2loc, etc...
Steve Cowles