Shorewall for web server?

Timothy Murphy tim at
Mon Dec 26 12:45:21 UTC 2005

I have shorewall working perfectly on my little home LAN,
using the two-interfaces configuration
(from <>).

Now I'd like to allow access to a web-server (httpd)
on my shorewall machine - a desktop computer 
connected to the internet through an ADSL modem.

I'm finding this surprisingly difficult;
I've added the two lines

DNAT    net    loc: tcp     80   -
DNAT     net     loc:  tcp    www

to the shorewall rules (and re-started shorewall and httpd)
but when I try to access the web-server from outside
I get many warnings in /var/log/messages of the form

Dec 26 10:13:47 alfred kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= 
MAC= SRC= DST= LEN=48 TOS=0x00 PREC=0x00 
TTL=117 ID=58867 DF PROTO=TCP SPT=3849 DPT=1433 
WINDOW=16384 RES=0x00 SYN URGP=0

I attach the output of iptables -L .

Any advice or suggestions gratefully received;
in particular if anyone is running shorewall in a similar setup
I should be most grateful to see their /etc/shorewall/rules file.

Timothy Murphy  
e-mail (<80k only): tim /at/
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: shorewall-rules
URL: <>
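
Added example, not part of the original post: a small Python parser for Shorewall log entries like the one quoted above, which groups blocked packets by chain, verdict and destination port and marks those addressed to the firewall host itself. The function names and the second and third sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample. Line 1 is the entry from the post joined onto one line
# (SRC/DST/MAC are blank there too); lines 2 and 3 are made up.
SAMPLE = """\
Dec 26 10:13:47 alfred kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= SRC= DST= LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=58867 DF PROTO=TCP SPT=3849 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0
Dec 26 10:14:02 alfred kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= SRC=192.0.2.7 DST=198.51.100.4 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4112 DF PROTO=TCP SPT=40112 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Dec 26 10:14:09 alfred kernel: Shorewall:loc2net:REJECT:IN=eth0 OUT=ppp0 SRC=192.168.1.5 DST=203.0.113.9 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=77 DF PROTO=TCP SPT=51000 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
"""

PREFIX = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<verdict>[^:\s]+):(?P<rest>.*)")

def parse(line):
    """Return a dict for one Shorewall log line, or None if it is not one."""
    m = PREFIX.search(line)
    if not m:
        return None
    rec = {"chain": m["chain"], "verdict": m["verdict"], "flags": []}
    for tok in m["rest"].split():
        key, eq, val = tok.partition("=")
        if eq:
            rec[key] = val            # val may be "" (OUT= or a scrubbed SRC=)
        else:
            rec["flags"].append(tok)  # bare words such as DF, SYN, ACK
    # Netfilter leaves OUT empty for packets addressed to the firewall host itself.
    rec["to_firewall"] = rec.get("OUT", "") == ""
    return rec

def summarize(text):
    """Count entries per (chain, verdict, proto, dport, to_firewall)."""
    counts = Counter()
    for rec in filter(None, map(parse, text.splitlines())):
        counts[(rec["chain"], rec["verdict"], rec.get("PROTO"),
                rec.get("DPT"), rec["to_firewall"])] += 1
    return counts

def blocked_for_port(text, port):
    """Entries where traffic to the firewall host on `port` was dropped or rejected."""
    return [r for r in filter(None, map(parse, text.splitlines()))
            if r["to_firewall"] and r.get("DPT") == str(port)
            and r["verdict"] in ("DROP", "REJECT")]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).items():
        print(n, key)
    print("port 80 blocked:", len(blocked_for_port(SAMPLE, 80)))
```

In the post's entry the destination port is 1433 rather than 80, and the empty OUT= marks a packet addressed to the firewall host itself, so that entry does not record a blocked web request.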
