From: John S. <be...@am...> - 2001-12-09 19:45:29
If I understand this correctly, I am assuming your firewall server and your web server are served from the same machine.

If this is so, you need to realize your firewall machine is in the fw zone, and not the local zone. Add or modify rules to allow net-to-fw rather than net-to-local if this is in fact true. That should solve at least your www issue.

FTP is a special case, but since it's working local-to-net, it should also work if you add a fw-to-net as well.

John Stroud

----- Original Message -----
From: Yogesh Sharma
To: Shorewall Users
Sent: Sunday, December 09, 2001 11:05 AM
Subject: [Shorewall-users] www / ftp / ping

Hi group,

Please help !!

1. How can I provide www access to outside world to my website running at my server:
2. From outside I cannot ping my server
3. I cannot download using ftp from any of the website (from my server) but if I do ftp from any network laptop/pc I am able to do that.

server is acting as router/ip masq/firewall/dhcp server
eth1 connected to internet
eth0 connected to internal hub

I added following rules:

accept net local tcp www
accept local net tcp www

This is coming in /var/log/message for www access:

<datetime> <servername> kernel: Shorewall:net2all:DROP:IN=eth1 OUT= MAC=<idofcard> SRC=<src ip> DST=<ip of my eth1> LEN-60 TOS=0x00 PREC=0x00 TTL=61 ID=32230 DF PROTO=TCP SPT=3752 DPT=80 WINDOW=32120 RES=0x00 SYN URGP=0

This is coming in /var/log/message when I am trying to connect to any ftpserver from my server:

<datetime> <servername> kernel: Shorewall:all2all:REJECT:IN= OUT=eth1 SRC=< ip of my server> DST=<ftpserver ip> LEN-60 TOS=0x10 PREC=0x00 TTL=64 ID=14336 PROTO=TCP SPT=33342 DPT=21 WINDOW=5840 RES=0x00 SYN URGP=0

Thanks
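
Added example, not part of the original messages: a small Python parser that reads Shorewall log lines shaped like the two quoted above and reports which zone pair each blocked packet belongs to. In a netfilter log line an empty OUT= means the packet was addressed to the firewall itself and an empty IN= means the firewall generated it, which is why both entries involve the fw zone rather than local. The eth1/eth0 mapping follows the post; the sample lines, host name and addresses are constructed placeholders.

```python
import re

# Interface-to-zone mapping as described in the post: eth1 = internet, eth0 = internal hub.
IFACE_ZONE = {"eth1": "net", "eth0": "local"}

# Constructed sample lines shaped like the two entries quoted in the post;
# host name, MAC and addresses are placeholders.
SAMPLE_LOG = [
    "Dec  9 11:00:01 gw kernel: Shorewall:net2all:DROP:IN=eth1 OUT= "
    "MAC=00:00:00:00:00:00 SRC=198.51.100.7 DST=203.0.113.10 LEN=60 TOS=0x00 "
    "PREC=0x00 TTL=61 ID=32230 DF PROTO=TCP SPT=3752 DPT=80 WINDOW=32120 SYN URGP=0",
    "Dec  9 11:00:09 gw kernel: Shorewall:all2all:REJECT:IN= OUT=eth1 "
    "SRC=203.0.113.10 DST=192.0.2.21 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=14336 "
    "PROTO=TCP SPT=33342 DPT=21 WINDOW=5840 SYN URGP=0",
]

PREFIX = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<verdict>[^:\s]+):(?P<rest>.*)$")
FIELD = re.compile(r"(\w+)=(\S*)")

def zone_of(iface):
    # An empty IN=/OUT= field means the firewall itself is that endpoint.
    if not iface:
        return "fw"
    return IFACE_ZONE.get(iface, "unknown")

def classify(line):
    """Return chain, verdict and zone pair for one Shorewall log line, or None."""
    m = PREFIX.search(line)
    if m is None:
        return None
    fields = {}
    for key, value in FIELD.findall(m.group("rest")):
        fields.setdefault(key, value)  # keep the outer header if a key repeats
    return {
        "chain": m.group("chain"),
        "verdict": m.group("verdict"),
        "src_zone": zone_of(fields.get("IN")),
        "dst_zone": zone_of(fields.get("OUT")),
        "proto": fields.get("PROTO"),
        "dport": int(fields["DPT"]) if fields.get("DPT", "").isdigit() else None,
    }

def blocked_flows(lines):
    """Distinct (src zone, dst zone, proto, dport) tuples that were dropped or rejected."""
    hits = (classify(line) for line in lines)
    flows = {(h["src_zone"], h["dst_zone"], h["proto"], h["dport"])
             for h in hits if h and h["verdict"] in ("DROP", "REJECT")}
    return sorted(flows, key=str)
```

Running `blocked_flows(SAMPLE_LOG)` yields a fw-to-net flow on TCP/21 and a net-to-fw flow on TCP/80, the two zone pairs named in the reply.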