Can access my webserver from intranet only

[emilioestevezz]

Hi, i ve a firewall running mandrake 10, just as a firewall only, with shorewall 2.0. Then i got another box running mandrake 10 too, but his one has mail and webserver, the thing is that i can send and reciebe mails internally and to the big net, but when other people from the net try to access the webserver they get "conection refused" and only from the intranet they can see the website.

 

On the firewall i have a rule that says:

 

DNAT net loc:90.0.0.2 tcp 80

 

90.0.0.2, is the ip of the host where the webserver (apache 2.0) is runnig.

 

I was told that was the only thing i got to configure on the firewall´s rules was this DNAT rule but its not working as i expected. Can anyone help me with this??

 

If you need more details or config parts just tell me.

 

Thanks.

Emilio.

[streeter]

What I would do first is run ethereal (a packet sniffer) on the web server, get somebody to make a request to the server and check the output of ethereal to make sure the request has got through.

 

If it does, look at the apache config. If not look at the firewall.

 

Chris

[SwiftDeath]

Did you try it on odd ports? Most ISPS block webserver and mailserver ports like 80,21,25 and etc...

 

Try an odd port like 10000, or something.

 

I think that'd be your best bet.

[emilioestevezz]

Did you try it on odd ports? Most ISPS block webserver and mailserver ports like 80,21,25 and etc...

 

Try an odd port like 10000, or something.

 

I think that'd be your best bet.

<{POST_SNAPBACK}>

 

No i didn´t cos after using this dedicated server i have one box with the firewall, webserver and mail server all in one working fine trough port 80, but now separating the firewall is causing me trouble. I m sure it must be some configuration problem , but i cant figure it out by now.

 

Thanks.

Emilio