On Thursday 18 December 2003 12:26 pm, Ray Olszewski wrote:
> At 10:55 AM 12/18/2003 -0800, Dalziel, Josh wrote:
> >Ok Tom you asked for that output here it is. You might have to open it on
> > a unix machine. Ray, we are not working this issue off-list. I sent one
> > email offline, but that wasn't on purpose. I would also like your input
> > cause you have offered up some good suggestions that have been helpful.
>
> OK. Let's review what we have.
>
> 1. You have a DNAT rule that looks right on its surface, and that does
> match 1 packet. To wit (from nat::net_dnat, called by nat::PREROUTING):
>
>     1    38 DNAT       udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp dpt:27015 to:192.168.1.3
>
> Since the packet size looks right (see item 3 below), I infer that the one
> packet it did match was legit. (An earlier rule in the table causes this
> rule to be applied only to packets that originate on eth0.) Since this
> rule, seemingly, *sometimes* matches, it might be a useful diagnostic to log
> the traffic it does match.
>

The traffic can be logged through both rules as follows:

DNAT-:info      net     loc:192.168.1.3 udp     27015
ACCEPT:info     net     loc:192.168.1.3 udp     27015

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
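
Added example (not part of Tom's message and not Shorewall code): once both rules log at info level, the two sets of log entries can be compared to find packets that matched the DNAT rule but were never logged by the ACCEPT rule. It assumes Shorewall's default log prefix "Shorewall:<chain>:<disposition>:", the chain name net2loc for the ACCEPT rule, and the kernel LOG target's KEY=value fields; the log lines and outside addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample syslog lines (not taken from the thread). 198.51.100.x and
# 203.0.113.x are documentation addresses; 192.168.1.3 and port 27015 are from the thread.
SAMPLE_LOG = """\
Dec 18 12:30:01 fw kernel: Shorewall:net_dnat:DNAT:IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 LEN=38 TOS=0x00 PREC=0x00 TTL=115 ID=4211 PROTO=UDP SPT=1036 DPT=27015 LEN=18
Dec 18 12:30:01 fw kernel: Shorewall:net2loc:ACCEPT:IN=eth0 OUT=eth1 SRC=198.51.100.7 DST=192.168.1.3 LEN=38 TOS=0x00 PREC=0x00 TTL=114 ID=4211 PROTO=UDP SPT=1036 DPT=27015 LEN=18
Dec 18 12:31:44 fw kernel: Shorewall:net_dnat:DNAT:IN=eth0 OUT= SRC=198.51.100.9 DST=203.0.113.10 LEN=38 TOS=0x00 PREC=0x00 TTL=52 ID=977 PROTO=UDP SPT=2050 DPT=27015 LEN=18
Dec 18 12:32:10 fw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=198.51.100.20 DST=203.0.113.10 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=31 DF PROTO=TCP SPT=4410 DPT=135 WINDOW=8192 SYN
Dec 18 12:33:00 fw pppd[412]: rcvd [LCP EchoRep id=0x1f]
"""

# Assumed prefix layout: Shorewall:<chain>:<disposition>:<netfilter fields>
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<disp>[^:]+):(?P<fields>.*)$")


def parse(line):
    """Return (disposition, chain, fields) for a Shorewall log line, else None."""
    m = PREFIX.search(line)
    if not m:
        return None
    # Flags such as DF or SYN carry no '=' and are skipped.
    fields = dict(kv.split("=", 1) for kv in m.group("fields").split() if "=" in kv)
    return m.group("disp"), m.group("chain"), fields


def unmatched_dnat(log_text, port="27015"):
    """List (SRC, SPT, ID) of UDP packets logged by DNAT but not by ACCEPT.

    DNAT rewrites only the destination, so source address, source port and
    IP ID are the same in both log entries and serve as the join key.
    """
    seen = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        disp, _chain, f = rec
        if f.get("PROTO") != "UDP" or f.get("DPT") != port:
            continue
        seen[disp].add((f.get("SRC"), f.get("SPT"), f.get("ID")))
    return sorted(seen["DNAT"] - seen["ACCEPT"])


if __name__ == "__main__":
    for src, spt, ip_id in unmatched_dnat(SAMPLE_LOG):
        print(f"DNAT matched but no ACCEPT logged: {src}:{spt} ID={ip_id}")
```

An entry reported here was rewritten in nat PREROUTING but did not reach the logged ACCEPT rule, which narrows the search to whatever handles the packet between the two.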




leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
