Is your server allow connexion other from himself ? If you try to connect your firewall to you http server, it's right ? Franck -------- Message d'origine-------- De: Vedran Vucic [mailto:vvucic@EUnet.yu] Date: dim. 08/01/2006 19:27 À: shorewall-users@lists.sourceforge.net Cc: Objet: [Shorewall-users] DNAT hello, I have two eth interfaces gateway/router that i swith one public IP connected to the Internet. Local machines use private IPs. One of those machines is CD server that support http protocol. I would liek to use direct some links from our site that i son other computer on the Internet (not in LAN) to our CD server. I used DNAT and specified protocol tcp, port 80, IP of server where is our site hosted and private IP of Cd server, but I am continuously getting information that connection is refused while connecting IP of my gateway that does have public IP. Hm, I do not know where is mistake/problem. I contacted ISP and they told me that they do not block port 80 for redirection. Any advise? Best wishes, Vedran Vucic ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
It is possible to ping it. Maybe I mad emistake in policy file:? This is from my policy file: SOURCE DEST POLICY LOG LIMIT:BURST # LEVEL loc net ACCEPT net all DROP info fw net ACCEPT all all REJECT info Any advise? Thanks a lot!! Vedran Quoting Franck Barel <franck@fdprod.com>:> Is your server allow connexion other from himself ? > If you try to connect your firewall to you http server, it''s right ? > Franck > > -------- Message d''origine-------- > De: Vedran Vucic [mailto:vvucic@EUnet.yu] > Date: dim. 08/01/2006 19:27 > Ã: shorewall-users@lists.sourceforge.net > Cc: > Objet: [Shorewall-users] DNAT > > > > > hello, > I have two eth interfaces gateway/router that i swith one public IP > connected > to > the Internet. Local machines use private IPs. One of those machines is CD > server that support http protocol. I would liek to use direct some links > from > our site that i son other computer on the Internet (not in LAN) to our CD > server. I used DNAT and specified protocol tcp, port 80, IP of server where > is > our site hosted and private IP of Cd server, but I am continuously getting > information that connection is refused while connecting IP of my gateway > that > does have public IP. > Hm, I do not know where is mistake/problem. I contacted ISP and they told > me > that they do not block port 80 for redirection. > Any advise? > > Best wishes, > > Vedran Vucic > > > > > ------------------------------------------------------- > This SF.net email is sponsored by: Splunk Inc. Do you grep through log > files > for problems? Stop! Download the new AJAX search engine that makes > searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! > http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users > > >------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_idv37&alloc_id865&op=click
Hello,
when I have done shorewall show nat I got the following output:
Shorewall-3.0.0 NAT at localhost - Sun Jan 8 23:01:48 CET 2006
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 63 packets, 4256 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 63 packets, 4256 bytes)
pkts bytes target prot opt in out source destination
Thanks,
vedran
Quoting Franck Barel <franck@fdprod.com>:
> Is your server allow connexion other from himself ?
> If you try to connect your firewall to you http server, it''s right
?
> Franck
>
> -------- Message d''origine--------
> De: Vedran Vucic [mailto:vvucic@EUnet.yu]
> Date: dim. 08/01/2006 19:27
> Ã: shorewall-users@lists.sourceforge.net
> Cc:
> Objet: [Shorewall-users] DNAT
>
>
>
>
> hello,
> I have two eth interfaces gateway/router that i swith one public IP
> connected
> to
> the Internet. Local machines use private IPs. One of those machines is
CD
> server that support http protocol. I would liek to use direct some links
> from
> our site that i son other computer on the Internet (not in LAN) to our
CD
> server. I used DNAT and specified protocol tcp, port 80, IP of server
where
> is
> our site hosted and private IP of Cd server, but I am continuously getting
> information that connection is refused while connecting IP of my gateway
> that
> does have public IP.
> Hm, I do not know where is mistake/problem. I contacted ISP and they told
> me
> that they do not block port 80 for redirection.
> Any advise?
>
> Best wishes,
>
> Vedran Vucic
>
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc. Do you grep through log
> files
> for problems? Stop! Download the new AJAX search engine that makes
> searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
> http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
>
>
-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_idv37&alloc_id865&op=click
On Sunday 08 January 2006 14:03, Vedran Vucic wrote:> Hello, > > when I have done shorewall show nat I got the following output: > Shorewall-3.0.0 NAT at localhost - Sun Jan 8 23:01:48 CET 2006 > > Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) > pkts bytes target prot opt in out source > destination > > > Chain POSTROUTING (policy ACCEPT 63 packets, 4256 bytes) > pkts bytes target prot opt in out source > destination > > > Chain OUTPUT (policy ACCEPT 63 packets, 4256 bytes) > pkts bytes target prot opt in out source > destinationShorewall is not started. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key