Hi,
Our local network cannot access the website we host inside it, while external access reaches it without any problem.
192.168.0.4 = our windows server with IIS
192.168.0.24 = our Linux server that routes everything
Example:
Quote:
An external client accesses the domain www.test.com; the request comes into our network up to our Linux server, which forwards it to a web server on our local network. So www.test.com goes to xxx.xxx.xxx.xxx (external IP), which then sends it on to yyy.yyy.yyy.yyy (internal IIS server).
The same process should happen for an internal client, but instead Squid returns "111 Connection refused".
I have the following network setup:
Quote:
web <-> router <-> linux server (firewall, bind, squid, apache, mysql, mail) <-> local network
Our Linux server has 3 network cards:
Quote:
The first card has the primary external IP.
The second card serves the local network.
The third card has the secondary external IP.
We have 3 cards because we were unable to make both IPs work on the first card... it was configured as an alias with all the settings (netmask, gateway), but it wouldn't work. Anyway, let's move on to the primary problem.
Here are our firewall configs, which we are using with Shorewall:
Policy
Quote:
#SOURCE   DEST   POLICY   LOG LEVEL   LIMIT:BURST
loc       bet    DROP     info
loc       net    DROP     info
loc       fw     ACCEPT
loc       vpn    ACCEPT
fw        net    ACCEPT
fw        bet    ACCEPT
fw        loc    ACCEPT
fw        vpn    ACCEPT
vpn       loc    ACCEPT
vpn       fw     ACCEPT
net       all    DROP     info
bet       all    DROP     info
all       all    REJECT   info
#LAST LINE -- DO NOT REMOVE
rules
Quote:
#############################
#ACTION  SOURCE  DEST                    PROTO  DEST PORT  SOURCE PORT(S)  ORIGINAL DEST    RATE LIMIT  USER/GROUP
#SECTION ESTABLISHED
#SECTION RELATED
SECTION NEW
ACCEPT   net     fw                      udp    53         -
ACCEPT   net     fw                      udp    953        -
ACCEPT   net     fw                      tcp    953        -
ACCEPT   net     fw                      tcp    53         -
ACCEPT   bet     fw                      tcp    53         -
ACCEPT   bet     fw                      udp    53         -
ACCEPT   bet     fw                      tcp    953        -
ACCEPT   bet     fw                      udp    953        -
ACCEPT   net     fw                      tcp    110        -
ACCEPT   net     fw                      tcp    25         -
ACCEPT   bet     fw                      tcp    25         -
ACCEPT   bet     fw                      tcp    110        -
ACCEPT   net     fw                      tcp    3232       -
ACCEPT   bet     fw                      tcp    3232       -
ACCEPT   net     fw                      tcp    2136       -
ACCEPT   bet     fw                      tcp    2136       -
ACCEPT   loc     net                     tcp    10000      -
ACCEPT   loc     bet                     tcp    10000      -
ACCEPT   loc     net                     tcp    3057       -
ACCEPT   loc     bet                     tcp    3057       -
ACCEPT   loc     bet                     tcp    25,110     -
ACCEPT   loc     bet                     tcp    3389       -
DNAT     net     loc:192.168.0.4:3389    tcp    3389       -
DNAT     net     loc:192.168.0.96        tcp    5900       -
DNAT     bet     loc:192.168.0.96:3389   tcp    4000       -
#PORT FORWARDS
DNAT     net     loc:192.168.0.4:5900    tcp    5904       -
DNAT     net     loc:192.168.0.4:80      tcp    80         -               xxx.xxx.xxx.xxx   # xxx ... external IP
DNAT     loc     loc:192.168.0.4:80      tcp    80         -               xxx.xxx.xxx.xxx   # xxx ... external IP
#END PORT FORWARDS
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
interfaces
Quote:
#ZONE   INTERFACE   BROADCAST       OPTIONS
net     eth0        detect
loc     eth2        192.168.1.255   dhcp
vpn     ppp+
bet     eth3        detect
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
zones
Quote:
#ZONE   TYPE       OPTIONS   IN OPTIONS   OUT OPTIONS
fw      firewall
net     ipv4
loc     ipv4
vpn     ipv4
bet     ipv4
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
Could anyone help me out with this?
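The symptom in the post (a port forward that works from the Internet but not from the LAN that sits behind the same firewall) is the standard hairpin-NAT case: DNAT alone rewrites the destination, the internal server then answers the LAN client directly from its private address, and the client's TCP stack discards a reply from an address it never connected to. The script below is an added example written for this page, not the poster's configuration or anything from the Shorewall project. It reads a constructed copy of the DNAT lines from the posted rules file, lists the forwards that exist from net but have no loc-source twin, and prints the netfilter rules (DNAT plus SNAT plus the FORWARD accept) that a working hairpin for the web server needs. The external address 203.0.113.10 stands in for the post's xxx.xxx.xxx.xxx; eth2 as the LAN interface and 192.168.0.24 as the firewall's LAN address come from the post, and 192.168.0.0/24 as the LAN prefix is an assumption.

```shell
#!/bin/sh
# Added example: hairpin-NAT check for a Shorewall-style rules file.
# Assumed addresses (not from the original post except where noted):
#   EXT_IP    203.0.113.10   stands in for the post's xxx.xxx.xxx.xxx
#   LAN_IF    eth2           LAN interface from the post's interfaces file
#   LAN_NET   192.168.0.0/24 assumed LAN prefix
#   FW_LAN_IP 192.168.0.24   the Linux server's LAN address from the post
EXT_IP=203.0.113.10
LAN_IF=eth2
LAN_NET=192.168.0.0/24
FW_LAN_IP=192.168.0.24

# Constructed copy of the DNAT lines from the posted rules file, with the
# placeholder external IP replaced by EXT_IP.
RULES='DNAT net loc:192.168.0.4:3389 tcp 3389 -
DNAT net loc:192.168.0.96 tcp 5900 -
DNAT bet loc:192.168.0.96:3389 tcp 4000 -
DNAT net loc:192.168.0.4:5900 tcp 5904 -
DNAT net loc:192.168.0.4:80 tcp 80 - 203.0.113.10
DNAT loc loc:192.168.0.4:80 tcp 80 - 203.0.113.10'

# Print "proto port target" for every DNAT whose source zone is $1.
dnat_from_zone() {
    printf '%s\n' "$RULES" | awk -v zone="$1" '$1 == "DNAT" && $2 == zone { print $4, $5, $3 }'
}

# Forwards reachable from net that have no loc-source entry: from inside the
# LAN these targets answer only on their private address, not on EXT_IP.
missing_hairpin() {
    dnat_from_zone net | while read -r proto port target; do
        if ! dnat_from_zone loc | grep -q "^$proto $port "; then
            printf '%s/%s -> %s\n' "$proto" "$port" "$target"
        fi
    done
}

# Emit the netfilter rules behind a working hairpin for EXT_IP:$1 -> $2:$1.
# The SNAT is the part that is easy to forget: it makes the server's reply
# go back through the firewall instead of straight to the client.
hairpin_iptables() {
    port=$1
    server=$2
    cat <<EOF
iptables -t nat -A PREROUTING -i $LAN_IF -s $LAN_NET -d $EXT_IP -p tcp --dport $port -j DNAT --to-destination $server:$port
iptables -t nat -A POSTROUTING -o $LAN_IF -s $LAN_NET -d $server -p tcp --dport $port -j SNAT --to-source $FW_LAN_IP
iptables -A FORWARD -i $LAN_IF -o $LAN_IF -s $LAN_NET -d $server -p tcp --dport $port -j ACCEPT
EOF
}

echo "net forwards with no loc-source twin:"
missing_hairpin
echo
echo "rules for a hairpin to the web server:"
hairpin_iptables 80 192.168.0.4
```

In Shorewall terms the SNAT line corresponds to an entry in the masq file for the LAN interface with the LAN prefix as source, which the posted configuration does not show. Two further things a practitioner would check against this post: Squid runs on the Linux server itself, so a request it makes to xxx.xxx.xxx.xxx:80 originates in the fw zone and passes the nat OUTPUT chain, which a loc-source DNAT rule never sees (Shorewall can express that case with $FW as the rule's source); and the interfaces file gives eth2 a broadcast of 192.168.1.255 while every host in the post is in 192.168.0.x, which is worth verifying.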