On 12/30/2009 02:40:03 AM, Jordi Espasa Clofent wrote:
> > I'm not paying much attention to the rest of your
> > rules, but note that traffic
> > going out the internal interface is coming from the
> > Internet and so is _inbound_ traffic not outbound
> > traffic as the comment would indicate. (You have other
> > inbound quick rules in your ruleset so you can't just
> > change out to in here and expect it to work.)
>
> Ok Karl, thanks.
> I think I've a problem of misconception.
>
> So, I understand that this schema
>
> Internet ---bge1 --- bge0 --- LAN
>
> means at least 4 traffic to bge0 ruleset point of view:

There is no bge0 point of view, there is only the point of view
of the kernel.

> 1- Traffic from internet (coming from bge1): it's IN

In on bge1 (from Internet). It may or may not get to bge0,
if it does it's...

> 2- Traffic 1 to LAN: it's OUT

Out on bge0 (to LAN)

> 3- Traffic from LAN to bge0: it's IN

In on bge0 (from LAN). It may or may not get to bge1,
if it does it's...

> 4- Traffic from bge0 to bge1: it's OUT

Out on bge1 (to Internet)

Karl <[email protected]>
Free Software: "You don't pay back, you pay forward."
                 -- Robert A. Heinlein
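
Added example, not part of the message above and not taken from the ruleset under discussion: a minimal pf.conf fragment that spells out the four directions for the bge1/bge0 layout in the thread. The addresses, the macro names and the choice of a web server on the LAN are assumptions made for illustration, and NAT is left out by assuming a routed LAN prefix.

```conf
# Constructed example: interface names come from the thread,
# addresses and macro names are made up for illustration.
ext_if = "bge1"               # faces the Internet
int_if = "bge0"               # faces the LAN
lan    = "198.51.100.0/24"    # constructed routed LAN prefix (no NAT assumed)
web    = "198.51.100.10"      # constructed web server on the LAN

# Default deny, both directions, every interface.
block all

# Internet -> LAN web server. A forwarded packet is evaluated twice:
# 1. in on bge1 (from Internet)
pass in  on $ext_if inet proto tcp from any to $web port 80 keep state
# 2. out on bge0 (to LAN). Without this rule the packet passes step 1
#    and is then dropped here by "block all".
pass out on $int_if inet proto tcp from any to $web port 80 keep state

# LAN -> Internet, again two evaluations:
# 3. in on bge0 (from LAN)
pass in  on $int_if inet from $lan to any keep state
# 4. out on bge1 (to Internet)
pass out on $ext_if inet from $lan to any keep state

# Reply packets are matched by the states created above, so no
# separate rules are written for the return direction.
```

Loading the fragment with `pfctl -nf` parses it without installing it, and `pfctl -sr` on a loaded ruleset shows each rule with its direction and interface.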
