Kevin Smith
2003-Nov-04 09:07 UTC
[Shorewall-users] RE: Shorewall-users Digest, Vol 12, Issue 7
>> #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL
>> #Ivisit---
>> ACCEPT loc net udp 9940
>> ACCEPT net loc udp 9940
>>
>Kevin -- a loc->net policy other than ACCEPT should only be attempted by
>people who know what they are doing.

-- This has been the only problem with this setup, this is a more secure setup isn't it? --

>a) messages being dropped in the loc2net chain have a SOURCE port of 9940.
>b) The loc->net rule you have specified above has DESTINATION port 9940.
>c) The second rule above also has destination port 9940; to specify a
>source port but no destination port, you must place "-" in the destination
>port column.

-- Duh, I had them flipped.. ---

>d) Since you are masquerading, ACCEPT rules won't work from net->loc; see
>FAQ #30

-- Ok TY. --

Kev
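
Added example, not part of the original message or of Shorewall itself: a small Python check that parses a rules entry by column position and tests it against a dropped-packet log line, showing why the posted loc->net rule never matched traffic with source port 9940. The log line, addresses and function names are constructed for illustration, and only single port values (no lists or ranges) are handled.

```python
import re

# Column order of a rules entry, following the header quoted in the message.
COLUMNS = ("action", "source", "dest", "proto", "dport", "sport", "origdest")

def parse_rule(line):
    """Split one rules entry into named columns; "-" or a missing column means 'any'."""
    fields = line.split("#", 1)[0].split()
    rule = dict.fromkeys(COLUMNS, "-")
    rule.update(zip(COLUMNS, fields))
    return rule

def parse_log(line):
    """Pull zones (from the chain name), protocol and ports out of a log line."""
    chain = re.search(r"Shorewall:(\w+?)2(\w+):", line)
    kv = dict(re.findall(r"(\w+)=(\S+)", line))
    return {"source": chain.group(1), "dest": chain.group(2),
            "proto": kv["PROTO"].lower(), "sport": kv["SPT"], "dport": kv["DPT"]}

def matches(rule, pkt):
    """True when every non-wildcard column of the rule equals the packet's value."""
    keys = ("source", "dest", "proto", "dport", "sport")
    return all(rule[k] in ("-", pkt[k]) for k in keys)

# Constructed sample: a packet dropped in loc2net with SOURCE port 9940.
SAMPLE_LOG = ("Nov  4 09:01:12 fw kernel: Shorewall:loc2net:DROP:IN=eth1 OUT=eth0 "
              "SRC=192.168.1.10 DST=203.0.113.20 PROTO=UDP SPT=9940 DPT=32768")

AS_POSTED = "ACCEPT loc net udp 9940"    # 9940 lands in the destination port column
CORRECTED = "ACCEPT loc net udp - 9940"  # "-" in destination port, 9940 as source port

if __name__ == "__main__":
    pkt = parse_log(SAMPLE_LOG)
    for text in (AS_POSTED, CORRECTED):
        rule = parse_rule(text)
        verdict = "matches" if matches(rule, pkt) else "does not match"
        print(f"{text!r}: dport={rule['dport']} sport={rule['sport']} -> {verdict}")
```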