Using the FAQ Question #2, I've set up in my rules file this line, and I have
noticed a potential problem.  With a line like this:

ACCEPT  net     local:192.168.2.42  tcp  ssh,ftp,ftp-data,smtp,imaps,auth,http,https,domain  -  aa.bb.cc.dd

Where aa.bb.cc.dd is my external address.  Local redirects don't work.  If I
however have just the 'http' specified without all the other services the
redirect works.  ie,

ACCEPT  net     local:192.168.2.42  tcp     http  -  aa.bb.cc.dd

Does the local redirect only bind to the first port listed? Nothing else was
changed in my experimenting.
-- 
Regards,
Chris
-----
Chris Freeze           Email: cfreeze@alumni.clemson.edu
                         Web: http://www.cfreeze.com 

On Tuesday 22 January 2002 08:15 pm, Chris Freeze wrote:
> Using the FAQ Question #2, I've set up in my rules file this line, and I
> have noticed a potential problem. With a line like this:
>
> ACCEPT net local:192.168.2.42 tcp ssh,ftp,ftp-data,smtp,imaps,auth,http,https,domain - aa.bb.cc.dd
>
> Where aa.bb.cc.dd is my external address. Local redirects don't work. If
> I however have just the 'http' specified without all the other services the
> redirect works. ie,
>
> ACCEPT net local:192.168.2.42 tcp http - aa.bb.cc.dd
>
> Does the local redirect only bind to the first port listed?

The above rule should have nothing to do with local redirection so something
else is going on with your setup.

> Nothing else was changed in my experimenting.

Two questions.

a) Which version of Shorewall are you running?
b) How have you set up the local redirection (what does that rule look like)?

-Tom
-- 
Tom Eastep    \ A Firewall for Linux 2.4.*
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net

On Wednesday 23 January 2002 06:26 am, Tom Eastep wrote:
> On Tuesday 22 January 2002 08:15 pm, Chris Freeze wrote:
> > Using the FAQ Question #2, I've set up in my rules file this line, and I
> > have noticed a potential problem. With a line like this:
> >
> > ACCEPT net local:192.168.2.42 tcp ssh,ftp,ftp-data,smtp,imaps,auth,http,https,domain - aa.bb.cc.dd
> >
> > Where aa.bb.cc.dd is my external address. Local redirects don't work.
> > If I however have just the 'http' specified without all the other
> > services the redirect works. ie,
> >
> > ACCEPT net local:192.168.2.42 tcp http - aa.bb.cc.dd
> >
> > Does the local redirect only bind to the first port listed?
>
> The above rule should have nothing to do with local redirection so
> something else is going on with your setup.

Ah -- I see the problem. There's a typo in the FAQ! :-(

The local redirection rule should look like:

ACCEPT  local  local  .......
-----

-Tom
-- 
Tom Eastep    \ A Firewall for Linux 2.4.*
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net

On 23-Jan-2002 Tom Eastep wrote:
> Ah -- I see the problem. There's a typo in the FAQ! :-(
>
> The local redirection rule should look like:
>
> ACCEPT local local .......
> -----

That fixed it! Thx.. Although I think I am going to redo this with the bind9
views as you suggested.

-- 
Regards,
Chris

It is not well to be thought of as one who meekly submits to insolence and
intimidation.
-----
Chris Freeze           Email: cfreeze@alumni.clemson.edu
                         Web: http://www.cfreeze.com