I have configured one of my servers to be used as the firewall and proxy at the same time for some of my client workstations. I have used Debian Sarge as my OS, Shorewall as my firewall, and Squid and SquidGuard for my proxy. After configuring the server, I tested the internet access of my client workstations, and it was successful.

Now I am testing the access from the internet. I was trying to forward all HTTP access from the internet to one of my local servers, but it seems that I have misconfigured something or there are some other configurations that I should make, because the access is not successful.

The server has two interfaces:

eth0: 203.177.xx.xxx
eth1: 192.168.0.4

Here are the Shorewall configuration files:

/etc/shorewall/interfaces

Code:
    #ZONE   INTERFACE   BROADCAST   OPTIONS
    net     eth0        detect
    loc     eth1        detect      maclist

/etc/shorewall/zones

Code:
    #ZONE   TYPE        OPTIONS     IN          OUT
    #                               OPTIONS     OPTIONS
    fw      firewall
    net     ipv4
    loc     ipv4

/etc/shorewall/policy

Code:
    #SOURCE   DEST   POLICY   LOG     LIMIT:BURST
    #                         LEVEL
    loc       net    REJECT   info
    loc       $FW    REJECT   info
    loc       all    REJECT   info
    $FW       net    ACCEPT   info
    $FW       loc    REJECT   info
    $FW       all    REJECT   info
    net       $FW    REJECT   info
    net       loc    REJECT   info
    net       all    DROP     info
    all       all    REJECT   info

/etc/shorewall/rules

Code:
    #ACTION     SOURCE                  DEST              PROTO   DEST    SOURCE    ORIGINAL   RATE    USER/
    #                                                             PORT    PORT(S)   DEST       LIMIT   GROUP
    #SECTION ESTABLISHED
    #SECTION RELATED
    SECTION NEW
    ACCEPT      net:203.177.xx.xxx/27   $FW               tcp     22      #SSH
    ACCEPT      net:203.177.xx.xxx/27   $FW               tcp     10000   #Webmin
    ACCEPT      net:203.177.xx.xxx/27   $FW               udp     10000   #Webmin
    ACCEPT      net:203.177.xx.xxx/27   $FW               icmp    8       #PING
    #ACCEPT     net                     $FW               tcp     80
    DNAT:info   net                     loc:192.168.0.5   tcp     80
    ACCEPT      loc                     net               tcp     80
    ACCEPT      $FW                     loc:192.168.0.5   tcp     80
    ACCEPT      $FW                     loc:192.168.0.5   tcp     22
    ACCEPT      $FW                     net               tcp     80
    ACCEPT      loc:192.168.0.1/23      $FW               tcp     22

I have checked whether NAT is enabled on my kernel and here are the results:

Code:
    /etc/shorewall# sysctl net.ipv4.ip_forward
    net.ipv4.ip_forward = 1

Code:
    /etc/shorewall# cat /proc/sys/net/ipv4/ip_forward
    1

Code:
    /etc/shorewall# cat /etc/network/options
    ip_forward=yes
    spoofprotect=yes
    syncookies=no

When I try the connection from a PC that uses another public IP and point my browser at the server's public IP address, the expected web page is not displayed and a connection error is shown instead.

Are there any other configuration files I should configure?

Never mind, guys, I just got it running. I forgot to put the correct gateway on the forwarded server. Everything's okay now.
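
The fix in the last post, a wrong default gateway on the DNAT target, can be checked mechanically: the host at 192.168.0.5 must route its replies back through the firewall's eth1 address (192.168.0.4) so the DNAT translation can be reversed. The script below is an added example, not part of the original thread; the `ip route show` output format, the wrong gateway 192.168.0.1 and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; sample inputs are constructed from values quoted in the thread.
FW_LAN_IP="192.168.0.4"   # eth1 address of the Shorewall box (from the post)

# Print the internal host of each active DNAT rule in a Shorewall rules file (stdin).
# Matches "DNAT" and "DNAT:<loglevel>", skips commented rules, drops zone and port.
dnat_targets() {
    awk '$1 ~ /^DNAT(:|$)/ { n = split($3, part, ":"); if (n >= 2) print part[2] }'
}

# Print the default gateway from "ip route show" output (stdin); empty if none.
default_gw() {
    awk '$1 == "default" { for (i = 2; i < NF; i++) if ($i == "via") { print $(i + 1); exit } }'
}

# Succeed only if the routing table on stdin sends default traffic via the firewall.
return_path_ok() {
    gw=$(default_gw)
    [ -n "$gw" ] && [ "$gw" = "$FW_LAN_IP" ]
}

report() {  # $1 = DNAT target, $2 = label, stdin = that host's routing table
    if return_path_ok; then
        echo "$1 ($2): replies return via $FW_LAN_IP, forwarded connection can complete"
    else
        echo "$1 ($2): default gateway is not $FW_LAN_IP, replies never reach the firewall"
    fi
}

# Constructed rules excerpt (the DNAT line is the one from the post).
SAMPLE_RULES='#ACCEPT net $FW tcp 80
DNAT:info net loc:192.168.0.5 tcp 80
ACCEPT loc net tcp 80'

# Constructed "ip route show" output from the web server, before and after the fix.
ROUTES_BROKEN='192.168.0.0/23 dev eth0 proto kernel scope link src 192.168.0.5
default via 192.168.0.1 dev eth0'
ROUTES_FIXED='192.168.0.0/23 dev eth0 proto kernel scope link src 192.168.0.5
default via 192.168.0.4 dev eth0'

for host in $(printf '%s\n' "$SAMPLE_RULES" | dnat_targets); do
    printf '%s\n' "$ROUTES_BROKEN" | report "$host" "before fix"
    printf '%s\n' "$ROUTES_FIXED"  | report "$host" "after fix"
done
```

On a live system, feed `dnat_targets` from /etc/shorewall/rules on the firewall and `return_path_ok` from `ip route show` run on each forwarded host.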