I have shorewall 1.3.12 installed on a Red Hat 8 fully patched machine with three NICs. Eth0 has 10 IPs bound to it and has been successfully routing web traffic to servers on the DMZ.
This morning I added another server to the DMZ, configured my network with the correct IP, configured DNAT in "rules" and restarted both. From a standalone machine that is on the same segment as eth0 (a public IP), I can view and navigate the websites on that server, but from any other segment (the Internet) I cannot view the pages. I started an Ethereal capture on eth0, eth1 (DMZ) and on the web server. Again, when I reach the server from the machine on my local external segment I can see the traffic on all 3 sniffers. From the Internet, I can see it reach the shorewall machine and then nothing..... I started up a sniffer on eth2, but still nothing. In the log there are no DROP or REJECT messages that correspond to the correct IP or time. I am quite stumped.... These packets appear to be reaching the shorewall and then going off to never never land :) On the sniffer external to the firewall, I can see the request packet, but no packets in return.
There are no routing rules on the web server, nor any rules in this range on the Shorewall machine.
Any ideas on where to go from here would be appreciated.
Thanks for your time,
Steve Postma
System Administrator
Travizon
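When a packet reaches the firewall but is neither forwarded nor logged as DROP/REJECT, the first thing to establish is whether it ever matched the DNAT rule at all: a rule whose packet counter stays at zero was never hit, so the question is why the rule does not match (wrong destination address, wrong interface, wrong protocol/port), whereas a rule that counts packets points the investigation at the FORWARD chain and the return path instead. The script below is an added example, not part of the original message or of Shorewall itself. It parses the counter listing that `iptables -t nat -nvL` prints and reports every DNAT rule whose packet counter is zero. The chain names (`PREROUTING`, `net_dnat`), addresses and counters in the embedded sample are constructed for the example; the column layout and the K/M/G counter suffixes are those of iptables' verbose listing.

```python
"""Find DNAT rules that have never matched, from `iptables -t nat -nvL` output."""

import re

# Constructed sample of `iptables -t nat -nvL` output. The second DNAT rule
# (for 203.0.113.22) has a zero packet counter: it was never matched.
SAMPLE_NAT_LISTING = """\
Chain PREROUTING (policy ACCEPT 8421 packets, 512K bytes)
 pkts bytes target     prot opt in     out     source               destination
 8421  512K net_dnat   all  --  eth0   *       0.0.0.0/0            0.0.0.0/0

Chain net_dnat (1 references)
 pkts bytes target     prot opt in     out     source               destination
 3117  187K DNAT       tcp  --  *      *       0.0.0.0/0            203.0.113.21         tcp dpt:80 to:10.1.1.21
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            203.0.113.22         tcp dpt:80 to:10.1.1.22
"""

_SUFFIX = {"": 1, "K": 1000, "M": 1000 * 1000, "G": 1000 * 1000 * 1000}
_CHAIN_RE = re.compile(r"^Chain\s+(\S+)")


def parse_counter(text: str) -> int:
    """Turn an iptables counter such as '512K' or '8421' into an integer."""
    match = re.fullmatch(r"(\d+)([KMG]?)", text)
    if not match:
        raise ValueError(f"not an iptables counter: {text!r}")
    return int(match.group(1)) * _SUFFIX[match.group(2)]


def parse_nat_listing(listing: str) -> list[dict]:
    """Parse `iptables -t nat -nvL` output into one dict per rule.

    Each dict carries the chain the rule lives in, its packet and byte
    counters, the target, protocol, in/out interfaces, source, destination
    and whatever trailing match text iptables printed (ports, 'to:' address).
    """
    rules = []
    chain = None
    for line in listing.splitlines():
        if not line.strip():
            continue
        chain_match = _CHAIN_RE.match(line)
        if chain_match:
            chain = chain_match.group(1)
            continue
        fields = line.split()
        if fields[0] == "pkts":  # column header line, not a rule
            continue
        pkts, nbytes, target, prot, opt, in_if, out_if, src, dst = fields[:9]
        rules.append({
            "chain": chain,
            "pkts": parse_counter(pkts),
            "bytes": parse_counter(nbytes),
            "target": target,
            "prot": prot,
            "in": in_if,
            "out": out_if,
            "source": src,
            "destination": dst,
            "extra": " ".join(fields[9:]),
        })
    return rules


def unmatched_dnat(listing: str) -> list[str]:
    """Return the destination addresses of DNAT rules with a zero packet count."""
    return [
        rule["destination"]
        for rule in parse_nat_listing(listing)
        if rule["target"] == "DNAT" and rule["pkts"] == 0
    ]


if __name__ == "__main__":
    # On a live firewall you would feed in the output of:
    #   iptables -t nat -nvL
    for dst in unmatched_dnat(SAMPLE_NAT_LISTING):
        print(f"DNAT rule for {dst} has never matched a packet")
```

Run it against the real listing by piping `iptables -t nat -nvL` into the script in place of the constructed sample. A zero counter on the new server's DNAT rule means the packet is not reaching that rule, so the address or interface it matches on needs checking; a non-zero counter means the translation happened and the loss is after it, in the FORWARD chain or on the way back from the DMZ host.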