Karl O. Pinc
Wed, 30 Dec 2009 08:01:38 -0800
On 12/30/2009 02:40:03 AM, Jordi Espasa Clofent wrote:
> > I'm not paying much attention to the rest of your
> > rules, but note that traffic
> > going out the internal interface is coming from the
> > Internet and so is _inbound_ traffic not outbound
> > traffic as the comment would indicate. (You have other
> > inbound quick rules in your ruleset so you can't just
> > change out to in here and expect it to work.)
>
> Ok Karl, thanks.
> I think I've a problem of misconception.
>
> So, I understand that this schema
>
> Internet ---bge1 --- bge0 --- LAN
>
> means at least 4 traffic to bge0 ruleset point of view:
There is no bge0 point of view, there is only the point
of view of the kernel.
>
> 1- Traffic from internet (coming from bge1): it's IN
In on bge1 (from Internet).
It may or may not get to bge0, if it does it's...
> 2- Traffic 1 to LAN: it's OUT
Out on bge0 (to LAN)
> 3- Traffic from LAN to bge0: it's IN
In on bge0 (from LAN).
It may or may not get to bge1, if it does it's...
> 4- Traffic from bge0 to bge1: it's OUT
Out on bge1 (to Internet)
Karl <k...@meme.com>
Free Software: "You don't pay back, you pay forward."
-- Robert A. Heinlein
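
The four cases walked through above, as an added example that is not part of the original message: a simplified Python model of the per-interface checks the kernel applies to a forwarded packet, with pf-style last-match and `quick` evaluation. The interface names come from the thread; the `Rule` tuples, function names and the sample ruleset are constructed for illustration and are not pf.conf syntax.

```python
# Simplified model (added example, constructed): how a forwarding firewall's
# kernel sees one packet at each interface. Interface names come from the
# thread; the rule tuples are a hypothetical stand-in for pf.conf rules.
from typing import NamedTuple

LINKS = {"internet": "bge1", "lan": "bge0"}   # network -> attached interface

class Rule(NamedTuple):
    action: str      # "pass" or "block"
    direction: str   # "in" or "out"
    iface: str
    quick: bool = False

def filter_points(src_net, dst_net):
    """(direction, interface) checks for a packet, in order.
    dst_net "firewall" means the packet is for the box itself, so there is
    no outbound check."""
    points = [("in", LINKS[src_net])]
    if dst_net != "firewall":
        points.append(("out", LINKS[dst_net]))
    return points

def evaluate(rules, direction, iface):
    """pf-style evaluation: last matching rule wins, 'quick' stops at once,
    no match means pass."""
    verdict = "pass"
    for r in rules:
        if (r.direction, r.iface) == (direction, iface):
            verdict = r.action
            if r.quick:
                break
    return verdict

def trace(rules, src_net, dst_net):
    """Walk the packet through each check; stop at the first block."""
    seen = []
    for direction, iface in filter_points(src_net, dst_net):
        verdict = evaluate(rules, direction, iface)
        seen.append((direction, iface, verdict))
        if verdict == "block":
            break
    return seen

# Constructed ruleset: "block out on bge0" filters Internet -> LAN traffic,
# i.e. inbound traffic, even though the rule's direction keyword is "out".
RULES = [Rule("block", "out", "bge0"), Rule("pass", "in", "bge1")]

if __name__ == "__main__":
    print(trace(RULES, "internet", "lan"))
    print(trace(RULES, "lan", "internet"))
```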