From: Javier P. <jp...@al...> - 2004-03-23 17:10:20
Hello,

I have installed Shorewall 2.0b with three interfaces and squid-proxy. Also, I have an internal DNS server running on the same server where I have my web page.

Connections from the Internet can view my web pages but not my internal users if I configure the browser to use squid. Without squid everything is OK.

Here is my shorewall configuration:

/etc/shorewall/rules:

    REDIRECT  loc  8080               tcp   www   -  -
    DNAT      net  dmz:192.168.1.136  tcp   3000  -  -
    DNAT      loc  dmz:192.168.1.136  tcp   3000  -  -
    # Accept DNS connections from the firewall to the Internet
    #
    ACCEPT    fw   net                tcp   53
    ACCEPT    fw   net                udp   53
    # Accept SSH connections from the local network to the firewall and DMZ
    #
    ACCEPT    loc  fw                 tcp   22
    #ACCEPT   loc  dmz                tcp   22
    #
    # DMZ DNS access to the Internet
    #
    ACCEPT    dmz  net                tcp   53
    ACCEPT    dmz  net                udp   53
    #
    # Make ping work bi-directionally between the dmz, net, Firewall and local zone
    # (assumes that the loc-> net policy is ACCEPT).
    #
    ACCEPT    net  fw                 icmp  8
    ACCEPT    loc  fw                 icmp  8
    ACCEPT    dmz  fw                 icmp  8
    ACCEPT    loc  dmz                icmp  8
    ACCEPT    dmz  loc                icmp  8
    ACCEPT    dmz  net                icmp  8
    ACCEPT    fw   loc                icmp  8
    ACCEPT    fw   dmz                icmp  8
    ACCEPT    net  dmz                icmp  8

/etc/shorewall/policy

    loc  net  ACCEPT
    loc  fw   ACCEPT
    loc  loc  ACCEPT
    # If you want open access to the Internet from your Firewall
    # remove the comment from the following line.
    fw   net  ACCEPT
    fw   dmz  ACCEPT
    fw   loc  ACCEPT
    # Also If You Wish To Open Up DMZ Access To The Internet
    # remove the comment from the following line.
    dmz  net  ACCEPT
    dmz  fw   ACCEPT
    dmz  loc  ACCEPT
    net  all  DROP    info
    all  all  REJECT  info

Can anyone tell me what I am doing wrong?

Thank you.