Christian Aust wrote:
> Hi,
>
> I want to configure a DMZ on a machine having 4 DSL lines and two
> ethernet connections to the internal network and the DMZ. Connecting
> from internal to a DMZ host works. Connection from the firewall to a DMZ
> host works, too. When I try to connect from the DMZ to an outside host,
> the connection times out at the SYN_RECV state after 60 seconds.
>
> Shorewall logs indicate that iptables ACCEPTS the connection from the
> DMZ to outside, however, it looks as if no packets are coming back.
> Masquerading is configured for both the internal and the DMZ network on
> all ppp lines and works for the internal network.
>
> Do I need to set up a bridge for this? What else can I do to debug this?
> A shorewall dump is attached. Kind regards,

I don't see anything obviously wrong in the dump. But it is less useful
than it might have been given that it appears that you didn't try any
dmz->net connections during the time period covered by the dump.

My suggestion is to use traditional network debugging techniques. Run
tcpdump or wireshark on each of the ppp interfaces, try a dmz->net
connection and see what is happening 'on the wire'.
-Tom
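
An added example, not part of the original thread: one way to read the per-interface captures suggested above, given text saved from `tcpdump -n -i pppN tcp` on each line while a dmz->net connection is attempted. The DMZ subnet `192.168.2.0/24`, the interface names and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Matches the TCP lines printed by `tcpdump -n`, e.g.
# 12:00:01.000000 IP 192.0.2.10.40000 > 198.51.100.7.80: Flags [S], seq 1, length 0
LINE = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([^\]]+)\]")

def parse(iface, text):
    """Yield (iface, src, sport, dst, dport, flags) for each TCP line."""
    for line in text.splitlines():
        m = LINE.search(line)
        if m:
            src, sport, dst, dport, flags = m.groups()
            yield iface, src, int(sport), dst, int(dport), flags

def diagnose(captures, dmz_net):
    """captures: {interface: tcpdump text}. Returns a list of findings."""
    dmz = ipaddress.ip_network(dmz_net)
    pkts = [p for iface, text in captures.items() for p in parse(iface, text)]
    syns = [p for p in pkts if p[5] == "S"]
    synacks = [p for p in pkts if p[5] == "S."]
    findings = []
    if not syns:
        findings.append("no SYN seen on any ppp interface: check routing of dmz traffic")
    for iface, src, sport, dst, dport, _ in syns:
        if ipaddress.ip_address(src) in dmz:
            # The SYN left with its private DMZ address, so no reply can route back.
            findings.append(f"{iface}: SYN left with DMZ source {src}: not masqueraded")
            continue
        # A reply to this SYN has source/destination and ports swapped.
        replies = [r[0] for r in synacks
                   if (r[1], r[2], r[3], r[4]) == (dst, dport, src, sport)]
        if not replies:
            findings.append(f"{iface}: SYN from {src} got no SYN-ACK on any interface")
        elif iface not in replies:
            findings.append(f"{iface}: SYN-ACK came back on {replies[0]}: asymmetric path")
        else:
            findings.append(f"{iface}: handshake reply seen: look past the ppp side")
    return findings

# Constructed sample captures (documentation addresses stand in for public IPs).
SAMPLE = {
    "ppp0": "12:00:01.000000 IP 192.168.2.10.40000 > 198.51.100.7.80: Flags [S], seq 1, win 64240, length 0\n",
    "ppp1": "12:00:05.000000 IP 203.0.113.5.40001 > 198.51.100.7.80: Flags [S], seq 9, win 64240, length 0\n",
    "ppp2": "",
}

if __name__ == "__main__":
    for finding in diagnose(SAMPLE, "192.168.2.0/24"):
        print(finding)
```
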