8 Nov
2002
8 Nov
'02
15:34
Hi Frédéric, try #6. ) FW_MASQ_NETS="192.168.1.0/24 192.168.5.0/24" You do not want to masq everything, just your internal network and your DMZ # 9.) FW_SERVICES_EXT_TCP="80" FW_SERVICES_DMZ_TCP="80" FW_SERVICES_INT_TCP="80" You have to let the packets to your webserver through. Therefore you have to accept the port on your firewall. # 13.) FW_FORWARD="" Should be empty, only for public adresses. # 16.) FW_LOG_DROP_CRIT="yes" FW_LOG_DROP_ALL="yes" FW_LOG_ACCEPT_CRIT="no" FW_LOG_ACCEPT_ALL="no" Log everything which is blocked, so you can see whether the packets are blocked somewhere. Try to access your webserver and try tail -f /var/log/messages on the firewall to see, which packets are block. Thorsten