Anthony Kong
2003-Jun-17 07:22 UTC
[Shorewall-users] Question about reaching my apache server
Hi, all,

OS version: redhat 9.0
Shorewall version: 1.4.1a

I am sorry that I haven't got anything similar in the mailing list or FAQ, and could not figure out any answer by reading the documentation. I am still a newbie to shorewall.

I have set up an apache server on my firewall machine (it is a very little home network). In the rules file, I have defined the following rules:

    ACCEPT    net   fw     tcp  443
    ACCEPT    net   fw     tcp  80
    REDIRECT  loc   3128   tcp  80
    REDIRECT  wifi  3128   tcp  80

Zones loc and wifi are my wired network and wireless network at home respectively.

I would like the users from outside to be able to reach the apache server, while the local users will use squid transparently.

However, after applying these rules, I cannot reach port 80 from outside. No log is registered anywhere (not in /var/log/messages or /var/log/squid/*), so I guess the incoming packets are dropped silently.

However, the https protocol can come in without issues. It proves that apache is working. And using netstat -a --tcp I can tell apache is listening on 80 as well.

Any suggestion is welcome.

Regards,
Anthony
Tom Eastep
2003-Jun-17 07:32 UTC
[Shorewall-users] Question about reaching my apache server
On Tue, 2003-06-17 at 07:22, Anthony Kong wrote:
>
> Any suggestion is welcome.
>

Please post the output of "shorewall show nat"

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ teastep@shorewall.net
Anthony Kong
2003-Jun-17 19:32 UTC
[Shorewall-users] Question about reaching my apache server
I have attached the output. Please see if it is still missing anything.

Regards,
Anthony

P.S. Previously I have sent the same email using my company account. But my company cannot actually send to the mailing list due to some setup issue, as mentioned already on the shorewall website. So, please ignore this mail if you have received it twice.

> Tom Eastep wrote:
>
> >On Tue, 2003-06-17 at 07:22, Anthony Kong wrote:
> >
> >>Any suggestion is welcome.
> >
> >Please post the output of "shorewall show nat"
> >
> >-Tom
>
> Shorewall-1.4.1a NAT at gateway - Wed Jun 18 10:28:51 HKT 2003
>
> Counters reset Wed Jun 18 09:50:24 HKT 2003
>
> Chain PREROUTING (policy ACCEPT 4000 packets, 254K bytes)
>  pkts bytes target     prot opt in     out     source               destination
>    42  2814 wifi_dnat  all  --  eth1   *       0.0.0.0/0            0.0.0.0/0
>     0     0 loc_dnat   all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
>
> Chain POSTROUTING (policy ACCEPT 2314 packets, 162K bytes)
>  pkts bytes target     prot opt in     out     source               destination
>     2   168 ppp0_masq  all  --  *      ppp0    0.0.0.0/0            0.0.0.0/0
>
> Chain OUTPUT (policy ACCEPT 2854 packets, 219K bytes)
>  pkts bytes target     prot opt in     out     source               destination
>
> Chain loc_dnat (1 references)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 REDIRECT   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:80 redir ports 3128
>
> Chain ppp0_masq (1 references)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 MASQUERADE all  --  *      *       202.40.46.0/24       0.0.0.0/0
>     0     0 MASQUERADE all  --  *      *       192.168.0.0/24       0.0.0.0/0
>
> Chain wifi_dnat (1 references)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 REDIRECT   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:80 redir ports 3128
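An added example, not part of the thread or of Shorewall: a small Python reader for "shorewall show nat" output that reports which inbound interfaces reach a REDIRECT rule, run on three chains copied from the post above. The function names are hypothetical, and it assumes REDIRECT rules sit exactly one jump below PREROUTING, as they do in the posted output.

```python
import re

# Constructed sample: three chains copied from the posted output, with the
# wrapped lines rejoined. The remaining chains in the post are omitted.
SAMPLE = """\
Chain PREROUTING (policy ACCEPT 4000 packets, 254K bytes)
 pkts bytes target prot opt in out source destination
 42 2814 wifi_dnat all -- eth1 * 0.0.0.0/0 0.0.0.0/0
 0 0 loc_dnat all -- eth0 * 0.0.0.0/0 0.0.0.0/0

Chain loc_dnat (1 references)
 pkts bytes target prot opt in out source destination
 0 0 REDIRECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3128

Chain wifi_dnat (1 references)
 pkts bytes target prot opt in out source destination
 0 0 REDIRECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3128
"""

def parse_chains(text):
    """Return {chain name: [rule dict, ...]} from verbose nat-table listing text."""
    chains, current = {}, None
    for line in text.splitlines():
        m = re.match(r"Chain (\S+) \(", line)
        if m:
            current = chains.setdefault(m.group(1), [])
            continue
        f = line.split()
        # Rule rows have 9+ fields and start with a packet counter;
        # this skips blank lines and the "pkts bytes target ..." header row.
        if current is None or len(f) < 9 or not f[0][0].isdigit():
            continue
        current.append({"pkts": f[0], "target": f[2], "in": f[5],
                        "extra": " ".join(f[9:])})
    return chains

def redirects_by_interface(chains, start="PREROUTING"):
    """Map inbound interface -> [(dest port, redirect port, pkts)], one jump deep."""
    found = {}
    for jump in chains.get(start, []):
        for rule in chains.get(jump["target"], []):
            m = re.search(r"dpt:(\d+) redir ports (\d+)", rule["extra"])
            if rule["target"] == "REDIRECT" and m:
                found.setdefault(jump["in"], []).append(
                    (int(m.group(1)), int(m.group(2)), rule["pkts"]))
    return found

if __name__ == "__main__":
    for iface, rules in redirects_by_interface(parse_chains(SAMPLE)).items():
        for dport, to_port, pkts in rules:
            print(f"{iface}: tcp/{dport} -> local port {to_port} ({pkts} pkts)")
```

On the posted chains this lists eth1 and eth0 only; no PREROUTING rule in the output matches on ppp0, the interface that appears in the masquerade chain.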