port forwarding
Gary Koskenmaki
Fri Jul 25 09:52:09 CEST 2008
On Fri, 2008-07-25 at 08:25 +0400, Nikolay A. Fetisov wrote:
> On Thu, 24 Jul 2008 14:35:51 -0700
> Gary Koskenmaki wrote:
>
> > ....
> > I set up a webserver in a dmz and it is accessible from the internet ...
> > However, I cannot access that web server from the INT zone...
>
> Do you allow HTTP traffic from INT to DMZ zone?
> Default configuration files pass only ssh, see line
>
> FORWARD[1]="INT ACCEPT tcp ssh 0.0.0.0/0=>0.0.0.0/0"
>
> in zone.dmz.
>
> BTW, FIAIF logs rejected/dropped packets, a lot of useful information
> could be found in /var/log/messages.
>
Yes. I have tried allowing access directly to the dmz from int and it
didn't work. Also, these connections are being dropped silently as far
as fiaif or iptables is concerned. There is no mention of them in the
logs at all and I have the fiaif logging level set to debug.