On Thursday 18 December 2003 03:36 am, Ray Olszewski wrote:
>
> If (a) then there is a rule missing in the net2all chain to ACCEPT the
> traffic (or possibly one somewhere else that directs it to a different
> chain ... but still, it needs to be ACCEPT'ed *somewhere* in the default
> table).
net2all is the chain that enforces Josh's 'net->all' policy. Entries in the rules file would never add entries there.
The DNAT rule in question generates an ACCEPT rule in the net2loc chain. At the end of that chain is a jump to net2all.
Yeah. That's why I said "or possibly one somewhere else".
Josh has sent me the equivalent of the output of "shorewall show nat". It shows the correct DNAT rule to be invoked out of the PREROUTING hook but it appears that the packet is somehow not matching that rule...
OK. If you and Josh are continuing to sort this out off-list, I'll leave you to it. I was only poking my nose in because
(a) I thought you were trying to end your involvement in end-user troubleshooting (based on your and others' postings here a few weeks ago);
(b) I thought you preferred not to have these troubleshooting queries taken off-list (so I assumed I was seeing all of Josh's responses, except of course for the one you replied to asking him not to respond off-list).
leaf-user mailing list: https://lists.sourceforge.net/lists/listinfo/leaf-user
