Shorewall for web server?

Timothy Murphy tim at birdsnest.maths.tcd.ie
Mon Dec 26 12:45:21 UTC 2005


I have shorewall working perfectly on my little home LAN,
using the two-interfaces configuration
(from <http://www.shorewall.net/two-interface.htm>).

Now I'd like to allow access to a web-server (httpd)
on my shorewall machine - a desktop computer 
connected to the internet through an ADSL modem.

I'm finding this surprisingly difficult;
I've added the two lines

DNAT    net    loc:192.168.1.1 tcp     80   -   86.43.71.228
DNAT     net     loc:192.168.1.1  tcp    www

to the shorewall rules (and re-started shorewall and httpd)
but when I try to access the web-server from outside
I get many warnings in /var/log/messages of the form

Dec 26 10:13:47 alfred kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= 
MAC= SRC=80.231.0.106 DST=86.43.71.228 LEN=48 TOS=0x00 PREC=0x00 
TTL=117 ID=58867 DF PROTO=TCP SPT=3849 DPT=1433 
WINDOW=16384 RES=0x00 SYN URGP=0

I attach the output of iptables -L .

Any advice or suggestions gratefully received;
in particular if anyone is running shorewall in a similar setup
I should be most grateful to see their /etc/shorewall/rules file.


-- 
Timothy Murphy  
e-mail (<80k only): tim /at/ birdsnest.maths.tcd.ie
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: shorewall-rules
Url: http://lists.fedoraproject.org/pipermail/users/attachments/20051226/51ddf02d/attachment-0002.pl 
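
Added example, not part of the original message or of Shorewall itself: a Python parser for log entries of the form quoted in the post. It reports the chain, disposition and destination port, so drops aimed at the web server (TCP port 80) can be told apart from unrelated traffic. The function names and the second sample line are constructed for illustration.

```python
import re

# Prefix as it appears in the post's log entry: "Shorewall:<chain>:<disposition>:"
# followed by the kernel's KEY=VALUE netfilter fields and bare flag words.
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<disposition>[^:]+):")
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")
FLAG_WORDS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "DF"}

def parse_shorewall_log(line):
    """Return a dict of the fields in one Shorewall log entry, or None."""
    m = PREFIX.search(line)
    if not m:
        return None
    rest = line[m.end():]
    entry = {"chain": m["chain"], "disposition": m["disposition"]}
    entry.update(FIELD.findall(rest))          # empty values (OUT=, MAC=) stay ""
    entry["flags"] = sorted(FLAG_WORDS & set(rest.split()))
    for key in ("SPT", "DPT", "LEN", "TTL"):
        if entry.get(key, "").isdigit():
            entry[key] = int(entry[key])
    return entry

def concerns_service(entry, port, proto="TCP"):
    """True if the logged packet was addressed to the given service port."""
    return entry.get("PROTO") == proto and entry.get("DPT") == port

def triage(lines, port=80):
    """Split parsed entries into those for `port` and all other logged traffic."""
    hits, other = [], []
    for line in lines:
        entry = parse_shorewall_log(line)
        if entry is not None:
            (hits if concerns_service(entry, port) else other).append(entry)
    return hits, other

# The entry from the post, joined back onto one line as syslog writes it.
PAGE_LINE = ("Dec 26 10:13:47 alfred kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= "
             "MAC= SRC=80.231.0.106 DST=86.43.71.228 LEN=48 TOS=0x00 PREC=0x00 "
             "TTL=117 ID=58867 DF PROTO=TCP SPT=3849 DPT=1433 "
             "WINDOW=16384 RES=0x00 SYN URGP=0")
# Constructed sample (documentation addresses): what a dropped HTTP SYN would look like.
CONSTRUCTED_LINE = ("Dec 26 10:15:02 alfred kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= "
                    "MAC= SRC=203.0.113.7 DST=198.51.100.20 LEN=60 TOS=0x00 PREC=0x00 "
                    "TTL=52 ID=4242 DF PROTO=TCP SPT=40112 DPT=80 "
                    "WINDOW=5840 RES=0x00 SYN URGP=0")

if __name__ == "__main__":
    hits, other = triage([PAGE_LINE, CONSTRUCTED_LINE])
    for tag, entries in (("port 80", hits), ("other", other)):
        for e in entries:
            print(tag, e["chain"], e["disposition"], e["SRC"], "->", e["DST"], "dport", e["DPT"])
```

Run over the entry quoted in the post, the parser puts it in the "other" group: its destination port is 1433, not 80.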

