Re: remote connection problem
You have 2 options, one is correct and the other is most preferred by ppl who don't know any
better.
1. Drop all pkts from the internal network too the FW's external IP. This forces the DMZ to only
use DMZ addresses. HINT: dnsmasq pkg works well here and also resolvconf. I think if you
configure bind on the external and lo interfaces and dnsmasq on the internal all will be peachy.
Also don't forget to put your hostnames with there internal IPs in /etc/hosts.
2. Setup dnat on the internal interface for the internal services, this will likely slow down your
network.
--- Trustation Argentina <pastahlhofer@trustation.com> wrote:
> Hi,
> I have a problem that I think can be solved only by experts, not like me
> obviously.
>
> I have a LAN 192.100.0.0/99 with 20 PC's, 1 MS Exchange Server acting as
> Mail Server and RAS Server, 1 Debian firewall with DNS (primary 24.232.0.17)
> , 1 MS Web server for e-commerce (192.100.0.50).
>
> We have also a remote PC with static IP adress (192.100.0.34) that connects
> to the RAS Server (dial-up connection) to see the e-commerce web site.
>
> The problem we have is that this remote PC once validated in the domain
> fails when trying to access a web page that is hosted in the Web Server
> (192.100.0.50). All the local PC's connected to the LAN have no problems. If
> I see the logs the destination of the package is resolved by the DNS so the
> remote PC never can see the web page. I can give you the log as follows:
>
> Dec 29 18:18:38 MSPORQUIDEA kernel: [ 192.100.0.34 FWD ] IN=eth1 OUT=eth0
> SRC=192.100.0.34 DST=24.232.0.17 LEN=58
> TOS=0x00 PREC=0x00 TTL=126 ID=28417 PROTO=UDP SPT=137 DPT=53 LEN=38
>
> I'd appreciate any idea.
>
> Best regards
>
> Pablo Stahlhofer
>
>
>
> --
> To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
__________________________________
Do you Yahoo!?
Find out what made the Top Yahoo! Searches of 2003
http://search.yahoo.com/top2003
Reply to: