Tom Eastep
2002-Aug-22 00:57 UTC
Fwd: Re: [Shorewall-users] cant access server in proxy-arped dmz from $FW but works ok from loc and net...
---------- Forwarded Message ----------

Subject: Re: [Shorewall-users] cant access server in proxy-arped dmz from $FW but works ok from loc and net...
Date: Wed, 21 Aug 2002 17:15:25 -0700
From: Tom Eastep <teastep@ursa.shorewall.net>
To: "Andreas Bittner" <bittner@rz.fh-heilbronn.de>

On Wednesday 21 August 2002 04:50 pm, Andreas Bittner wrote:

> Hi all,
>
> again me. What am i doing wrong. i have setup the proxy arped dmz zone all
> right. it pings fine from loc and net and also connects all right to my
> proxy-arped (with public ip) mailserver in the dmz.. i want to try to
> telnet to it directly from the linux firewall box ($FW) but it never
> answers me.. although i can ping it from the $FW box..
>
> /var/log/messages doesn't display any errors or attempts/denies when i try to
> telnet to smtp or pop3 port ... so what am i doing wrong... i even tried to
> explicitly accept $FW dmz:publicip tcp smtp in /etc/shorewall/rules but
> still doesn't work.
>
> i even tried accept $FW dmz all -
>
> and also with policy to allow FW complete access to DMZ...

I suggest you look at the problem with tcpdump -- adding more and more lenient firewall rules never solves this type of problem.

> i have also a question regarding the documentation. on the shorewall
> examples and your config files, sometimes you write just "fw" for the fw
> zone, and sometimes you state "$FW" .. but the rules explanation states it
> should be always $FW..

Look in shorewall.conf -- there's a FW variable which is by default set to 'fw'. In most of my documentation, I assume the default.

> and i also found some confusion with DENY and DROP in some configuration
> file... on the website you say the one, in the config file explanation you
> say the other....

DROP is correct -- the config file version in CVS was corrected some time ago but I haven't released it yet.

> anyways, so i don't get it why a direct telnet
> publicipofmysmtpserverinthedmz 25 doesn't work when directly started on the
> $FW box itself?
>
> anyone any ideas?
>
> thanks again and cheers,
> Andy

--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net