Hello,

I was hoping someone might have a thought on this one... below are my current config files. I'm running RedHat 7.2, masq'ing to two WinXP machines. The RedHat and one of the WinXP machines both run webservers. I originally was trying to forward all port 80 to my WinXP machine with no real luck. So I changed course, turned off XP's server, and moved to the Apache server on my RedHat box. Now... when I type in my domain name from within the loc zone, everything resolves fine, the server's there, I can get my pages. But... anytime someone in the net zone tries, nothing, nada, zip, not even an error message to be seen on the firewall machine. (http://www.vonx.com/phpinfo.php ... try it)

Anyway, any help is greatly appreciated... files:

INTERFACES
==========
#ZONE    INTERFACE    BROADCAST    OPTIONS
net      ppp0         detect       norfc1918,dhcp,routefilter
loc      eth1         detect       routestopped
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

MASQ
=====
#INTERFACE    SUBNET    ADDRESS
ppp0          eth1
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

POLICY
======
#SOURCE    DEST    POLICY    LOG LEVEL    LIMIT:BURST
loc        net     ACCEPT
fw         net     ACCEPT
loc        fw      ACCEPT
fw         loc     ACCEPT
net        loc     DROP      info
net        fw      DROP      info
all        all     REJECT    info
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

RULES
=====
#ACTION    SOURCE    DEST               PROTO    DEST         SOURCE     ORIGINAL
#                                                PORT         PORT(S)    DEST
##Webserver
ACCEPT     net       fw                 tcp      80
##ICQ
ACCEPT     net       fw                 udp      4000
ACCEPT     net       fw                 tcp      4000:4100
##SMTP
#ACCEPT    net       fw                 tcp      25
##POP3
#ACCEPT    net       fw                 tcp      110
##Telnet
#ACCEPT    net       fw                 tcp      23
##SSH
ACCEPT     net       fw                 tcp      22
##MySQL
ACCEPT     net       fw                 tcp      3306
##BearShare
ACCEPT     net       fw                 tcp      6346
##Pitou
ACCEPT     net       fw                 tcp      5000
ACCEPT     net       fw                 udp      5000
##AIM file-sharing (forward)
DNAT       net       loc:192.168.0.2    tcp      67
DNAT       net       loc:192.168.0.2    udp      67
DNAT       net       loc:192.168.0.3    tcp      68
DNAT       net       loc:192.168.0.3    udp      68
##eDonkey (forward)
DNAT       net       loc:192.168.0.2    tcp      4662
DNAT       net       loc:192.168.0.2    udp      4665
DNAT       net       loc:192.168.0.2    udp      3100:3300
##FTP (forward)
DNAT       net       loc:192.168.0.2    tcp      21
##Terminal Services (forward)
DNAT       net       loc:192.168.0.2    tcp      3389
##DONE##
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

ZONES
=====
#ZONE    DISPLAY    COMMENTS
net      Net        Internet
loc      Local      Local networks
#dmz     DMZ        Demilitarized zone
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE

--TWB
---
Thomas W. Badera
WebTeam Manager
Clarkson University
baderatw@clarkson.edu
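The question in the post is really "does my ruleset let port 80 in from net?", and the fastest way to answer that from the files themselves is to parse them. The following is an added example written for this page, not code from the original post or from the Shorewall project. It embeds the POLICY and RULES files exactly as posted (constructed input, copied from the thread), walks a packet through the rules and then the policy the way Shorewall evaluates them (an explicit ACCEPT or DNAT rule wins, otherwise the zone-pair policy applies), and lists everything the net zone can reach. The file format handling (whitespace-separated columns, `#` comments, `lo:hi` port ranges, `zone:address` DNAT targets) follows the posted files; it does not implement every Shorewall column.

```python
"""Audit the posted Shorewall POLICY and RULES files for what 'net' can reach.

Added example, not from the original post.  POLICY and RULES below are the
poster's files, copied from the thread (constructed input for this script).
"""
from __future__ import annotations

from dataclasses import dataclass

POLICY = """\
#SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
loc net ACCEPT
fw net ACCEPT
loc fw ACCEPT
fw loc ACCEPT
net loc DROP info
net fw DROP info
all all REJECT info
"""

RULES = """\
#ACTION SOURCE DEST PROTO DESTPORT
ACCEPT net fw tcp 80
ACCEPT net fw udp 4000
ACCEPT net fw tcp 4000:4100
#ACCEPT net fw tcp 25
#ACCEPT net fw tcp 110
#ACCEPT net fw tcp 23
ACCEPT net fw tcp 22
ACCEPT net fw tcp 3306
ACCEPT net fw tcp 6346
ACCEPT net fw tcp 5000
ACCEPT net fw udp 5000
DNAT net loc:192.168.0.2 tcp 67
DNAT net loc:192.168.0.2 udp 67
DNAT net loc:192.168.0.3 tcp 68
DNAT net loc:192.168.0.3 udp 68
DNAT net loc:192.168.0.2 tcp 4662
DNAT net loc:192.168.0.2 udp 4665
DNAT net loc:192.168.0.2 udp 3100:3300
DNAT net loc:192.168.0.2 tcp 21
DNAT net loc:192.168.0.2 tcp 3389
"""


@dataclass(frozen=True)
class Rule:
    action: str
    source: str
    dest: str                 # zone, or "zone:address" for DNAT
    proto: str
    ports: tuple[int, int]    # inclusive range; a single port is (p, p)


def _strip(line: str) -> str:
    """Drop comments (leading '#' disables a rule) and surrounding whitespace."""
    return line.split("#", 1)[0].strip()


def parse_ports(spec: str) -> tuple[int, int]:
    lo, _, hi = spec.partition(":")
    return int(lo), int(hi or lo)


def parse_rules(text: str) -> list[Rule]:
    rules = []
    for raw in text.splitlines():
        fields = _strip(raw).split()
        if len(fields) < 5:        # blank, comment, or no dest port column
            continue
        action, src, dst, proto, ports = fields[:5]
        rules.append(Rule(action, src, dst, proto.lower(), parse_ports(ports)))
    return rules


def parse_policy(text: str) -> dict[tuple[str, str], str]:
    policy = {}
    for raw in text.splitlines():
        fields = _strip(raw).split()
        if len(fields) >= 3:
            policy[(fields[0], fields[1])] = fields[2]
    return policy


def zone_of(dest: str) -> str:
    return dest.split(":", 1)[0]   # "loc:192.168.0.2" -> "loc"


def allows(rules, policy, src, dst_zone, proto, port) -> bool:
    """True if a new connection src -> dst_zone proto/port gets through."""
    for r in rules:
        if (r.source == src and zone_of(r.dest) == dst_zone and r.proto == proto
                and r.ports[0] <= port <= r.ports[1]
                and r.action in ("ACCEPT", "DNAT")):
            return True
    default = policy.get((src, dst_zone), policy.get(("all", "all"), "REJECT"))
    return default == "ACCEPT"


def exposure(rules, src="net") -> list[str]:
    """Everything the src zone may open, as 'ACTION dest proto/port' strings."""
    out = []
    for r in rules:
        if r.source == src and r.action in ("ACCEPT", "DNAT"):
            lo, hi = r.ports
            out.append(f"{r.action} {r.dest} {r.proto}/{lo if lo == hi else f'{lo}-{hi}'}")
    return out


if __name__ == "__main__":
    rules, policy = parse_rules(RULES), parse_policy(POLICY)
    print("net -> fw tcp/80 allowed:", allows(rules, policy, "net", "fw", "tcp", 80))
    print("\n".join(exposure(rules)))
```

Run against the posted files, `allows(..., "net", "fw", "tcp", 80)` is true, so the firewall is not what is stopping the web requests. Note also that the `net fw` policy is `DROP info`: a port-80 SYN that actually reached ppp0 would either be accepted or logged at info level, so "not even an error message on the firewall machine" is consistent with the packets never arriving. The same listing shows what else the rules open from the Internet, including MySQL (tcp/3306) on the firewall and FTP (tcp/21) and Terminal Services (tcp/3389) forwarded to 192.168.0.2, which is worth a second look independent of the port-80 problem.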
On Tue, 9 Jul 2002, Thomas W. Badera wrote:

> Hello,
>
> I was hoping someone might have a thought on this one... below are my
> current config files. I'm running RedHat 7.2, masq'ing to two WinXP
> machines. The RedHat and one of the WinXP machines both run webservers. I
> originally was trying to forward all port 80 to my WinXP machine with no
> real luck. So I changed course, turned off XP's server, and moved to the
> Apache server on my RedHat box. Now... when I type in my domain name from
> within the loc zone, everything resolves fine, the server's there, I can get
> my pages. But... anytime someone in the net zone tries, nothing, nada, zip,
> not even an error message to be seen on the firewall machine.
> (http://www.vonx.com/phpinfo.php ... try it)
>

Has it occurred to you that your ISP may be blocking incoming connections
on port 80? Try configuring your server to listen on port 8080 instead.

-Tom
--
Tom Eastep      \ Shorewall - iptables made easy
AIM: tmeastep   \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net
Tom Eastep wrote:
>
> On Tue, 9 Jul 2002, Thomas W. Badera wrote:
>
> > Hello,
> >
> > I was hoping someone might have a thought on this one... below are my
> > current config files. I'm running RedHat 7.2, masq'ing to two WinXP
> > machines. The RedHat and one of the WinXP machines both run webservers. I
> > originally was trying to forward all port 80 to my WinXP machine with no
> > real luck. So I changed course, turned off XP's server, and moved to the
> > Apache server on my RedHat box. Now... when I type in my domain name from
> > within the loc zone, everything resolves fine, the server's there, I can get
> > my pages. But... anytime someone in the net zone tries, nothing, nada, zip,
> > not even an error message to be seen on the firewall machine.
> > (http://www.vonx.com/phpinfo.php ... try it)
> >
>
> Has it occurred to you that your ISP may be blocking incoming connections
> on port 80? Try configuring your server to listen on port 8080 instead.

Try something like 7777, most ISPs who are blocking port 80 also block 8080 :)

Simon

> -Tom
> --
> Tom Eastep      \ Shorewall - iptables made easy
> AIM: tmeastep   \ http://www.shorewall.net
> ICQ: #60745924  \ teastep@shorewall.net
>
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@shorewall.net
> http://www.shorewall.net/mailman/listinfo/shorewall-users