I have shorewall almost working! I want that I can reach from the local LAN Internet sites, and that the Internet can reach my firewall''s servers, like http So far it seems to work. I have virtual domains in Apache 2 and use also IPv6. I can reach the ipv6 site: http://ipv6.elmit.com:226 from my local LAN, but I cannot reach the site: http://ipv6.wiplinger.org:226 (I use port 226 to make sure that the connection is made via IPv6) On the server (fw) I can reach both! The log file reports as success BOTH sites to the LAN My setup is a 4 port Ethernet card whereby eth0 is the Internet, eth1, eth2 are setup but not connected, and eth3 is the internal LAN. All necessary config files are at http://www.elmit.com/shorewall-help I could not test from the Internet if the web site is reachable via IPv6. If somebody has access to IPv6, I would appreciate if he can test this. Am I right that the file policy is a "general rule", while the rules are more or less exceptions to this rule? bye Ronald -- Ronald Wiplinger (CEO of ELMIT) http://www.elmit.com +886 (0) 915 653-452 - I''m a SpamCon Foundation Member, #694, Verify it at http://www.spamcon.org PS: Spam prevention! Our system is protected with a spam prevention program. If you send us an e-mail, our system will send you a confirmation message back. Just reply to this confirmation message please. After receiving this confirmation message, our system will send the hold message (one) and all future messages (after the received confirmation message) to me without asking you again.
Forget it! I solved it. I forgot to delete the *.jnl files when I restarted the name server. bye Ronald Ronald Wiplinger wrote:> I have shorewall almost working! > > I want that I can reach from the local LAN Internet sites, and that > the Internet can reach my firewall''s servers, like http > So far it seems to work. > > I have virtual domains in Apache 2 and use also IPv6. > I can reach the ipv6 site: http://ipv6.elmit.com:226 from my local > LAN, but I cannot reach the site: > http://ipv6.wiplinger.org:226 > (I use port 226 to make sure that the connection is made via IPv6) > > On the server (fw) I can reach both! > > The log file reports as success BOTH sites to the LAN > > My setup is a 4 port Ethernet card whereby eth0 is the Internet, eth1, > eth2 are setup but not connected, and eth3 is the internal LAN. > > All necessary config files are at http://www.elmit.com/shorewall-help > > I could not test from the Internet if the web site is reachable via > IPv6. If somebody has access to IPv6, I would appreciate if he can > test this. > > Am I right that the file policy is a "general rule", while the rules > are more or less exceptions to this rule? > > bye > > Ronald >-- Ronald Wiplinger (CEO of ELMIT) http://www.elmit.com +886 (0) 915 653-452 - I''m a SpamCon Foundation Member, #694, Verify it at http://www.spamcon.org PS: Spam prevention! Our system is protected with a spam prevention program. If you send us an e-mail, our system will send you a confirmation message back. Just reply to this confirmation message please. After receiving this confirmation message, our system will send the hold message (one) and all future messages (after the received confirmation message) to me without asking you again.