Thibodeau, Jamie L.
2004-Oct-19 22:39 UTC
Problem with Internal accessing internal via web
I am not a member of the mailing list.

Shorewall version 2.0.9

ip addr show
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
4: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:06:5b:74:b5:f3 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.1/24 brd 192.168.1.255 scope global eth0
    inet6 fe80::206:5bff:fe74:b5f3/64 scope link
       valid_lft forever preferred_lft forever
5: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:02:b3:a8:00:52 brd ff:ff:ff:ff:ff:ff
    inet 129.15.70.48/23 brd 129.15.71.255 scope global eth1
    inet 129.15.70.56/23 brd 129.15.71.255 scope global secondary eth1:1
    inet 129.15.70.24/23 brd 129.15.71.255 scope global secondary eth1:2
    inet 129.15.70.49/23 brd 129.15.71.255 scope global secondary eth1:3
    inet6 fe80::202:b3ff:fea8:52/64 scope link
       valid_lft forever preferred_lft forever
6: sit0: <NOARP> mtu 1480 qdisc noop
    link/sit 0.0.0.0 brd 0.0.0.0

ip route show
192.168.1.0/24 dev eth0 scope link
129.15.70.0/23 dev eth1 scope link
169.254.0.0/16 dev eth1 scope link
127.0.0.0/8 dev lo scope link
default via 129.15.70.1 dev eth1

My problem is this.

I have two machines set up in the /etc/shorewall/nat file.

One of these machines is a web server running IIS 6.0. I have a rule set up to allow net loc:192.168.1.3 tcp 80 for web traffic. From any machine I can get to this; this works great. What doesn't work is when I try to get to the web site from the other machine that is behind the firewall. It is also set up with a one-to-one NAT. I can access the web fine by internal IP, but I can't get to it from the external IP. Do I need to set up some kind of route in the routing table, or is it a rule that I am missing somewhere?

Here are my rules file contents:

#ACTION SOURCE  DEST                PROTO   DEST    SOURCE  ORIGINAL  RATE    USER/
#                                           PORT    PORT(S) DEST      LIMIT   GROUP
ACCEPT  fw      net                 all
ACCEPT  loc     fw                  all
ACCEPT  fw      loc                 all
ACCEPT  net     loc:192.168.1.3     tcp     80
ACCEPT  net     loc:192.168.1.56    tcp     1127
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Any help would be appreciated.

Thanks
Jamie
Have you read FAQ #2? http://www.shorewall.net/FAQ.htm#id2438199

[Guilsson]

On Tue, 19 Oct 2004 17:39:09 -0500, Thibodeau, Jamie L. <jthibodeau@ou.edu> wrote:
> [snip]
> _______________________________________________
> Shorewall-users mailing list
> Post: Shorewall-users@lists.shorewall.net
> Subscribe/Unsubscribe: https://lists.shorewall.net/mailman/listinfo/shorewall-users
> Support: http://www.shorewall.net/support.htm
> FAQ: http://www.shorewall.net/FAQ.htm
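The reply points at the FAQ entry for exactly this symptom: a LAN client connecting to the server's external address. The added model below (not Shorewall's or the poster's code) shows why that path breaks with a plain one-to-one NAT and why the usual fix works. Shorewall compiles to iptables rules, so the model follows the iptables packet path: PREROUTING DNAT on the way in, conntrack reversal on the way back. Addresses are taken from the post; the mapping of 129.15.70.56 to 192.168.1.3 is an assumption (the poster's /etc/shorewall/nat file is not shown), and 203.0.113.10 is a constructed external client.

```python
"""Why a LAN client cannot reach a 1:1-NATed LAN server by its external
address, and what a hairpin source rewrite changes.  Added illustration,
not Shorewall code.  The Firewall class is a deliberately small model of
the iptables NAT/conntrack path, not an emulation of it."""
from dataclasses import dataclass, replace

FW_EXT = "129.15.70.48"   # eth1 primary address (from the post)
FW_INT = "192.168.1.1"    # eth0 address, the LAN default gateway (from the post)
LAN = "192.168.1."        # loc network 192.168.1.0/24 (from the post)
WEB_INT = "192.168.1.3"   # IIS host (from the post)
WEB_EXT = "129.15.70.56"  # ASSUMPTION: the 1:1 NAT address of WEB_INT
NAT_1TO1 = {WEB_EXT: WEB_INT}   # external -> internal, as /etc/shorewall/nat would give


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    syn: bool = True   # True: client's SYN; False: server's SYN/ACK


def on_lan(ip: str) -> bool:
    return ip.startswith(LAN)


class Firewall:
    """PREROUTING DNAT for the 1:1 mapping, optional hairpin SNAT, and a
    conntrack table so replies that do pass the firewall are un-NATed."""

    def __init__(self, hairpin_snat: bool):
        self.hairpin_snat = hairpin_snat
        # (post-NAT src, post-NAT dst) -> (original src, original dst)
        self.conntrack: dict[tuple[str, str], tuple[str, str]] = {}

    def forward_syn(self, pkt: Packet) -> Packet:
        orig = (pkt.src, pkt.dst)
        if pkt.dst in NAT_1TO1:
            pkt = replace(pkt, dst=NAT_1TO1[pkt.dst])          # DNAT
            if self.hairpin_snat and on_lan(pkt.src) and on_lan(pkt.dst):
                # LAN->LAN hairpin: rewrite the source so the reply must
                # come back through the firewall instead of going direct.
                pkt = replace(pkt, src=FW_INT)                 # SNAT
        self.conntrack[(pkt.src, pkt.dst)] = orig
        return pkt

    def forward_reply(self, pkt: Packet) -> Packet:
        """Reverse both translations using the conntrack entry."""
        orig_src, orig_dst = self.conntrack[(pkt.dst, pkt.src)]
        return replace(pkt, src=orig_dst, dst=orig_src)


def server_reply(received: Packet) -> Packet:
    """The server answers whatever source address it saw on the SYN."""
    return Packet(src=received.dst, dst=received.src, dport=received.dport, syn=False)


def simulate(client_ip: str, hairpin_snat: bool) -> bool:
    """Return True if the client's TCP stack sees a SYN/ACK from the
    address it connected to (WEB_EXT), i.e. the handshake can complete."""
    fw = Firewall(hairpin_snat)
    syn = Packet(client_ip, WEB_EXT, 80)
    at_server = fw.forward_syn(syn)      # both LAN and Internet clients route via the firewall
    reply = server_reply(at_server)
    # The server and a LAN client share 192.168.1.0/24, so a reply addressed
    # to a LAN host is delivered directly and never touches the firewall.
    # Only replies to off-LAN hosts (default gateway) or to the firewall's
    # own LAN address pass through conntrack and get un-NATed.
    if not on_lan(reply.dst) or reply.dst == FW_INT:
        reply = fw.forward_reply(reply)
    return reply.src == WEB_EXT and reply.dst == client_ip


if __name__ == "__main__":
    print("Internet client, plain 1:1 NAT:   ", simulate("203.0.113.10", False))
    print("LAN client, plain 1:1 NAT:        ", simulate("192.168.1.56", False))
    print("LAN client, hairpin SNAT added:   ", simulate("192.168.1.56", True))
```

Without the source rewrite the LAN client's SYN is DNATed to 192.168.1.3, but the SYN/ACK comes straight back across the LAN with source 192.168.1.3, which the client never connected to, so the client's stack discards it (in practice it sends a RST). Rewriting the hairpinned flow's source to the firewall's LAN address forces the reply back through conntrack, which restores 129.15.70.56 as the source. The cost is that the server logs every internal visitor as 192.168.1.1. The cleaner alternative, which the linked FAQ also favours, is split DNS: have internal clients resolve the site to 192.168.1.3, the path the poster already reports as working.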