Internal Pc's can't access services at firewall box !
Hi guys... I had a SuSE 8.0 box acting as a Firewall (with 2 nics)... it also had installed an Apache Web Server, and my problem is that any of my internal Pc's can't reach any service at the Firewall Box. I setup the Firewall Rules using YaST, and even set to don't protect the Firewall from the internal Network... Any clue of how to setup or modify that box in order to allow internal traffic to legitime services provided by the Firewall on my internal Network ? Thanks !! bye --ed
I'm having similar behavior with 8.2. Strange thing is internal boxes can access Samba, and ssh, and some other apps, but they can't view the web server using my domain name. I can see in the log that requests from the internal card to port 80 are being dropped and on the _TCP_INT line I've got http, https, and 80 specified. There's no reason I can see for it to block that port. -- Keith Mickunas keith@mickunas.net I'll be deep in the cold, cold ground before I recognize Missourah! - Grandpa Simpson Quoting edvega@racsa.co.cr:
Hi guys... I had a SuSE 8.0 box acting as a Firewall (with 2 nics)... it also had installed an Apache Web Server, and my problem is that any of my internal Pc's can't reach any service at the Firewall Box.
I setup the Firewall Rules using YaST, and even set to don't protect the Firewall from the internal Network...
Any clue of how to setup or modify that box in order to allow internal traffic to legitime services provided by the Firewall on my internal Network ?
Thanks !!
bye
--ed
-- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com
------------------------------------------------- This mail sent through IMP: http://horde.org/imp/
On Monday 28 July 2003 10:28, Keith Mickunas wrote:
but they can't view the web server using my domain name. I can see in the log that requests from the internal card to port 80 are being dropped and on the _TCP_INT line I've got http, https, and 80 specified. There's no reason I can see for it to block that port.
So can you see it if you type something like http://192.168.0.1/whatever.... (substituting your internal nic's ip for your domain? Its fairly common for firewalls to block out-and-in-again packets such as would result from using your domain-name. -- _____________________________________ John Andersen
Well I could, but then some of my php apps that are running on the server look to the machine's name to bring up some pages. I've got no control, or at least I don't think I do, over how that's happening. -- Keith Mickunas keith@mickunas.net I'll be deep in the cold, cold ground before I recognize Missourah! - Grandpa Simpson Quoting John Andersen <jsa@pen.homeip.net>:
On Monday 28 July 2003 10:28, Keith Mickunas wrote:
but they can't view the web server using my domain name. I can see in the log that requests from the internal card to port 80 are being dropped and on the _TCP_INT line I've got http, https, and 80 specified. There's no reason I can see for it to block that port.
So can you see it if you type something like http://192.168.0.1/whatever.... (substituting your internal nic's ip for your domain?
Its fairly common for firewalls to block out-and-in-again packets such as would result from using your domain-name.
-- _____________________________________ John Andersen
------------------------------------------------- This mail sent through IMP: http://horde.org/imp/
participants (3)
-
edvega@racsa.co.cr -
John Andersen -
Keith Mickunas