I have a problem with my local machine, it''s like this : http://www.shorewall.net/FAQ.htm#faq2 but the solution don''t work, somebody can help me?
On Mon, 19 May 2003 10:42:14 +0200, Fabien - NCTEL <fabien@nctel.net> wrote:> I have a problem with my local machine, it''s like this : > http://www.shorewall.net/FAQ.htm#faq2 > > but the solution don''t work, somebody can help me?Not if you don''t give us some details. -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://www.shorewall.net Washington USA \ teastep@shorewall.net
all details are in the faq and i have this rule in rules : 10.0.0.X --> adress local of the web server 213.30.138.X --> ip alias of the firewall (to the net, eth0) DNAT net loc:10.0.0.X tcp 80 - 213.30.138.X 213.30.138.X has a dns www.site.com and if i try this adress in internet (out of the local network), it works. But, if in local, i try to go to this site, it doesn''t work. ----- Original Message ----- From: "Tom Eastep" <teastep@shorewall.net> To: "Fabien - NCTEL" <fabien@nctel.net>; <shorewall-users@lists.shorewall.net> Sent: Monday, May 19, 2003 3:23 PM Subject: Re: [Shorewall-users] dns nat problem> On Mon, 19 May 2003 10:42:14 +0200, Fabien - NCTEL <fabien@nctel.net> > wrote: > > > I have a problem with my local machine, it''s like this : > > http://www.shorewall.net/FAQ.htm#faq2 > > > > but the solution don''t work, somebody can help me? > > Not if you don''t give us some details. > > -Tom > -- > Tom Eastep \ Shorewall - iptables made easy > Shoreline, \ http://www.shorewall.net > Washington USA \ teastep@shorewall.net
On Mon, 19 May 2003 15:30:53 +0200, Fabien - NCTEL <fabien@nctel.net> wrote:> all details are in the faq and i have this rule in rules : > 10.0.0.X --> adress local of the web server > 213.30.138.X --> ip alias of the firewall (to the net, eth0) > > DNAT net loc:10.0.0.X tcp 80 - 213.30.138.X > > 213.30.138.X has a dns www.site.com > and if i try this adress in internet (out of the local network), it > works. > But, if in local, i try to go to this site, it doesn''t work. >So what rule have you added to correct that (based on faq2)? And what is the IP address of your firewall''s internal interface? And what is the name of that interface? What version of Shorewall are you running? Have you made any changes to /etc/shorewall/interface as part of your attempt to fix the problem? -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://www.shorewall.net Washington USA \ teastep@shorewall.net
Fabien - NCTEL wrote:> all details are in the faq and i have this rule in rules : > 10.0.0.X --> adress local of the web server > 213.30.138.X --> ip alias of the firewall (to the net, eth0) > > DNAT net loc:10.0.0.X tcp 80 - 213.30.138.X > > 213.30.138.X has a dns www.site.com > and if i try this adress in internet (out of the local network), it works. > But, if in local, i try to go to this site, it doesn''t work.Well, not very much detail yet, but what does host www.site.com give from the local network then? This is probably a nameserver issue, or i''m getting wrong... Regards, Pieter.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Monday 19 May 2003 10:42, Fabien - NCTEL wrote:> I have a problem with my local machine, it''s like this : > http://www.shorewall.net/FAQ.htm#faq2 > > but the solution don''t work, somebody can help me? > _______________________________________________ > Shorewall-users mailing list > Post: Shorewall-users@lists.shorewall.net > Subscribe/Unsubscribe: > http://lists.shorewall.net/mailman/listinfo/shorewall-users Support: > http://www.shorewall.net/support.htm > FAQ: http://www.shorewall.net/FAQ.htmHi Normally when you are local you do not need to leave the local network therefore you should use apache with virtual ip. Point loc network towards the virtual ip of the web server in dmz. Ian - -- A child of five would understand this. Send someone to fetch a child of five. Groucho Marx - ---------------------------------------------------- This mail has been scanned for virus by AntiVir for UNIX Copyright (C) 1994-2003 by H+BEDV Datentechnik GmbH. PGP ID: 589F8449 Fingerprint: EB1C FACF 6BEB 540E 8AC0 F04E 2A25 A2F1 589F 8449 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE+yP61KiWi8VifhEkRAujzAJ0XXEuo1ZMOA+n0nLy2esnxzLGJzgCfZyCO WYPIqQuCuxezrvO4tyEIdp0=TnJE -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Monday 19 May 2003 10:42, Fabien - NCTEL wrote:> I have a problem with my local machine, it''s like this : > http://www.shorewall.net/FAQ.htm#faq2 > > but the solution don''t work, somebody can help me? > _______________________________________________ > Shorewall-users mailing list > Post: Shorewall-users@lists.shorewall.net > Subscribe/Unsubscribe: > http://lists.shorewall.net/mailman/listinfo/shorewall-users Support: > http://www.shorewall.net/support.htm > FAQ: http://www.shorewall.net/FAQ.htmSorry forgot to say that your DNS records have to amended for the virtual web server. Ian - -- A child of five would understand this. Send someone to fetch a child of five. Groucho Marx - ---------------------------------------------------- This mail has been scanned for virus by AntiVir for UNIX Copyright (C) 1994-2003 by H+BEDV Datentechnik GmbH. PGP ID: 589F8449 Fingerprint: EB1C FACF 6BEB 540E 8AC0 F04E 2A25 A2F1 589F 8449 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE+yP8TKiWi8VifhEkRArZWAKCZeMqE92Q/E+huHxQjW430cHpR7wCfTIbF QaWixVldEjknZFbHWsyBpbE=GmoE -----END PGP SIGNATURE-----