Timothy Murphy wrote:
I have shorewall working perfectly on my little home LAN,
using the two-interfaces configuration
(from <http://www.shorewall.net/two-interface.htm>).
Now I'd like to allow access to a web-server (httpd)
on my shorewall machine - a desktop computer
connected to the internet through an ADSL modem.
I'm finding this surprisingly difficult;
I've added the two lines
DNAT net loc:192.168.1.1 tcp 80 - 86.43.71.228
DNAT net loc:192.168.1.1 tcp www
to the shorewall rules (and re-started shorewall and httpd)
but when I try to access the web-server from outside
I get many warnings in /var/log/messages of the form
Dec 26 10:13:47 alfred kernel: Shorewall:net2all:DROP:IN=ppp0 OUT=
MAC= SRC=80.231.0.106 DST=86.43.71.228 LEN=48 TOS=0x00 PREC=0x00
TTL=117 ID=58867 DF PROTO=TCP SPT=3849 DPT=1433
WINDOW=16384 RES=0x00 SYN URGP=0
That's nothing to do with the web server. Look at DPT: you web server's
on 80, that looking at 1433.
[summer@bilby ~]$ grep 1433 /etc/services
ms-sql-s 1433/tcp # Microsoft-SQL-Server
ms-sql-s 1433/udp # Microsoft-SQL-Server
[summer@bilby ~]$
Aren't you glad you're not running Windows SBS?
I attach the output of iptables -L .
I'd rather not:-( Put them on your webserver
--
Cheers
John
-- spambait
1aaaaaaa@xxxxxxxxxxxxxxxxxxxxxxx Z1aaaaaaa@xxxxxxxxxxxxxxxxxxxxxxx
Tourist pics http://portgeographe.environmentaldisasters.cds.merseine.nu/
do not reply off-list
