Hi Dave, I'm not sure about your network setup: at which interface is the webserver connected? Also, shouldn't you have different subnets on the different interfaces?
    Internet
        |
        |
      eth0 (1.1.1.1)
        |
    FireWall---eth1 (1.1.1.2)
        |
        |
    Webserver (1.1.1.3)

--> I guess this should be something like:

    FW: eth0: 1.1.1.1/255.255.255.0
    FW: eth1: 1.1.2.1/255.255.255.0
    Webserver: 1.1.2.2/255.255.255.0

Then you have an external interface with IP 1.1.1.1 and an internal interface with IP 1.1.2.1 which is a separate subnet.
FW_DEV_EXT="eth0"
FW_DEV_DMZ="eth1"
FW_ROUTE="yes"
FW_MASQUERADE="no"
FW_AUTOPROTECT_SERVICES="yes"
FW_SERVICES_EXT_TCP="ssh"
FW_SERVICES_EXT_UDP="ssh"
--> SSH is only using TCP, so you can leave this empty
FW_SERVICES_DMZ_TCP="ssh"
--> Here you would need "ssh, http"
FW_SERVICES_DMZ_UDP="ssh"
--> SSH is only using TCP, so you can leave this empty
FW_SERVICES_DMZ_IP=""
FW_TRUSTED_NETS=""
FW_FORWARD="0/0,1.1.1.3,tcp,80"
--> This should then read "0/0,1.1.2.2,tcp,80"
FW_LOG_DROP_CRIT="yes"
FW_LOG_DROP_ALL="no"
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="no"
--> Try to increase the logging level by setting the _ALL variables to "yes" for testing.

Please provide more information about your setup so we can better understand and help you.

Cheers,
Armin

--
Am Hasenberg 26                     office: Institut für Atmosphärenphysik
D-18209 Bad Doberan                         Schloss-Straße 6
Tel. ++49-(0)38203/42137                    D-18225 Kühlungsborn / GERMANY
Email: schoech@iap-kborn.de                 Tel. +49-(0)38293-68-102
WWW: http://armins.cjb.net/                 Fax. +49-(0)38293-68-50
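As an added example (not code from either mail), a small checker that reads SuSEfirewall2-style `KEY="value"` settings and flags the three points raised above: overlapping external/DMZ subnets, "ssh" listed in a UDP service list, and an FW_FORWARD target outside the DMZ subnet. The interface addresses are assumed from the suggestion above, and the service lists are assumed to be space-separated.

```python
import ipaddress

# Constructed sample: the original settings and interface addressing
ORIGINAL_CONFIG = """
FW_DEV_EXT="eth0"
FW_DEV_DMZ="eth1"
FW_SERVICES_EXT_UDP="ssh"
FW_SERVICES_DMZ_TCP="ssh"
FW_SERVICES_DMZ_UDP="ssh"
FW_FORWARD="0/0,1.1.1.3,tcp,80"
"""
ORIGINAL_IFACES = {"eth0": "1.1.1.1/24", "eth1": "1.1.1.2/24"}  # assumed /24

# Constructed sample: the corrected settings and addressing suggested above
FIXED_CONFIG = """
FW_DEV_EXT="eth0"
FW_DEV_DMZ="eth1"
FW_SERVICES_EXT_UDP=""
FW_SERVICES_DMZ_TCP="ssh http"
FW_SERVICES_DMZ_UDP=""
FW_FORWARD="0/0,1.1.2.2,tcp,80"
"""
FIXED_IFACES = {"eth0": "1.1.1.1/24", "eth1": "1.1.2.1/24"}


def parse_config(text):
    """Parse KEY="value" lines into a dict; blank lines and comments are skipped."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, val = line.partition("=")
        cfg[key.strip()] = val.strip().strip('"')
    return cfg


def check_config(cfg, ifaces):
    """Return a list of human-readable problems found in the settings."""
    problems = []
    ext = ipaddress.ip_interface(ifaces[cfg["FW_DEV_EXT"]]).network
    dmz = ipaddress.ip_interface(ifaces[cfg["FW_DEV_DMZ"]]).network
    if ext.overlaps(dmz):
        problems.append(f"external net {ext} overlaps DMZ net {dmz}")
    for key in ("FW_SERVICES_EXT_UDP", "FW_SERVICES_DMZ_UDP"):
        if "ssh" in cfg.get(key, "").split():
            problems.append(f"{key}: ssh is TCP-only, leave it out of the UDP list")
    for rule in cfg.get("FW_FORWARD", "").split():
        src, dst, proto, port = rule.split(",")[:4]  # source,dest,proto,port
        if ipaddress.ip_address(dst) not in dmz:
            problems.append(f"FW_FORWARD target {dst} is not inside DMZ net {dmz}")
    return problems
```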