On Sunday 10 June 2007 17:37, Tom Eastep wrote:
> Steven Jan Springl wrote:
> > On Sunday 10 June 2007 17:11, Tom Eastep wrote:
> >> Steven Jan Springl wrote:
> >>> On Sunday 10 June 2007 17:00, Tom Eastep wrote:
> >>>> Tom Eastep wrote:
> >>>>> Steven Jan Springl wrote:
> >>>>>> the following iptables rule is generated:
> >>>>>>
> >>>>>> -A accounting -p 17 -m multiport --dports 555,666 -i br0 -m
> >>>>>> physdev --physdev-in eth0 -o br0 -m physdev --physdev-out eth1 -j
> >>>>>> RETURN
> >>>>>>
> >>>>>> which produces the following messages:
> >>>>>>
> >>>>>> iptables-restore: line 341 failed
> >>>>>> ERROR: iptables-restore Failed. Input is
> >>>>>> in /var/lib/shorewall/.iptables-restore-input
> >>>>>> /sbin/shorewall: line 347: 12488 Terminated
> >>>>>> ${VARDIR}/.start $debugging start
> >>>>>
> >>>>> Hmmm -- that is a valid rule.
> >>>>>
> >>>>> [EMAIL PROTECTED]:~# iptables -N foo
> >>>>> [EMAIL PROTECTED]:~# iptables -A foo -p 17 -m multiport --dports 555,666 -i br0 -m physdev --physdev-in eth0 -o br0 -m physdev --physdev-out eth1 -j RETURN
> >>>>> [EMAIL PROTECTED]:~#
> >>>>
> >>>> What happens if you pass the attached file to iptables-restore?
> >>>>
> >>>> Thanks,
> >>>> -Tom
> >>>
> >>> Tom
> >>>
> >>> That works.
> >>>
> >>> If the following rules are removed from the original restore file:
> >>>
> >>> -A FORWARD -j accounting
> >>> -A OUTPUT -j accounting
> >>>
> >>> then the restore works.
> >>>
> >>> The presence of:
> >>>
> >>> -A INPUT -j accounting
> >>>
> >>> does not cause the restore to fail.
> >>
> >> After "shorewall clear", please try this:
> >>
> >> iptables -N foo
> >> iptables -A OUTPUT -j foo
> >> iptables -A foo -p 17 -m multiport --dports 555,666 -i br0 -m physdev
> >> --physdev-in eth0 -o br0 -m physdev --physdev-out eth1 -j RETURN
> >>
> >> Thanks,
> >> -Tom
> >
> > Tom
> > It produces the following messages:
> >
> > physdev match: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING
> > chains for non-bridged traffic is not supported anymore.
> >
> > iptables: Invalid argument
>
> How about:
>
> iptables -N foo
> iptables -A FORWARD -j foo
> iptables -A foo -p 17 -m multiport --dports 555,666 -i br0 -m physdev
> --physdev-in eth0 -o br0 -m physdev --physdev-out eth1 -j RETURN
>
> -Tom
Tom
That works. It just produces the message:
physdev match: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING
chains for non-bridged traffic is not supported anymore.
Steven.
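The thread narrows the failure down to where the `accounting` chain is reached from: the same `--physdev-out` rule is rejected outright when the chain hangs off OUTPUT ("iptables: Invalid argument") and merely warned about when it hangs off FORWARD. The following lint, written as an added example for this thread (it is not Shorewall code and not something either poster ran), reads an iptables-restore input, follows `-j` jumps from the built-in chains, and reports each `--physdev-out` rule by the built-in chain it is reachable from, so the offending line can be found before `iptables-restore` aborts. The sample input is constructed to mirror the rules quoted above. The severity table encodes only what the thread shows (OUTPUT rejects, FORWARD warns; POSTROUTING is listed in the warning text so it is treated like FORWARD); treating `--physdev-is-bridged` as making `--physdev-out` acceptable is an assumption taken from the physdev match documentation, not from the thread.

```python
import shlex
from collections import defaultdict

# Constructed sample iptables-restore input modelled on the rules in the thread.
SAMPLE_RESTORE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:accounting - [0:0]
-A INPUT -j accounting
-A FORWARD -j accounting
-A OUTPUT -j accounting
-A accounting -p 17 -m multiport --dports 555,666 -i br0 -m physdev --physdev-in eth0 -o br0 -m physdev --physdev-out eth1 -j RETURN
COMMIT
"""

BUILTINS = ("PREROUTING", "INPUT", "FORWARD", "OUTPUT", "POSTROUTING")
# From the thread: the rule is rejected when reachable from OUTPUT and only
# produces a warning when reachable from FORWARD; POSTROUTING is named in the
# same warning text, so it is grouped with FORWARD here (assumption).
BUILTIN_REJECT = {"OUTPUT"}
BUILTIN_WARN = {"FORWARD", "POSTROUTING"}


def parse_rules(text):
    """Return [(lineno, chain, argv)] for every '-A' line in restore input."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line.startswith("-A "):
            continue
        argv = shlex.split(line)
        rules.append((lineno, argv[1], argv[2:]))
    return rules


def build_jump_graph(rules):
    """Map each chain to the set of chains it jumps to via -j/--jump."""
    graph = defaultdict(set)
    for _, chain, argv in rules:
        for flag in ("-j", "--jump"):
            if flag in argv:
                graph[chain].add(argv[argv.index(flag) + 1])
    return graph


def builtins_reaching(chain, graph):
    """Return the built-in chains from which `chain` is reachable (or equal)."""
    reaching = set()
    for builtin in BUILTINS:
        stack, seen = [builtin], set()
        while stack:
            current = stack.pop()
            if current in seen:
                continue
            seen.add(current)
            stack.extend(graph.get(current, ()))
        if chain in seen:
            reaching.add(builtin)
    return reaching


def uses_unbridged_physdev_out(argv):
    # Assumption (physdev match docs, not the thread): --physdev-is-bridged
    # restricts the match to bridged traffic, which the warning exempts.
    return "--physdev-out" in argv and "--physdev-is-bridged" not in argv


def lint(text):
    """Return sorted (severity, lineno, chain, builtin) findings."""
    rules = parse_rules(text)
    graph = build_jump_graph(rules)
    findings = []
    for lineno, chain, argv in rules:
        if not uses_unbridged_physdev_out(argv):
            continue
        for builtin in builtins_reaching(chain, graph):
            if builtin in BUILTIN_REJECT:
                findings.append(("error", lineno, chain, builtin))
            elif builtin in BUILTIN_WARN:
                findings.append(("warning", lineno, chain, builtin))
    return sorted(findings)


if __name__ == "__main__":
    for severity, lineno, chain, builtin in lint(SAMPLE_RESTORE):
        print(f"{severity}: line {lineno}: chain {chain} uses --physdev-out "
              f"and is reachable from {builtin}")
```

Run against the sample, the lint reports line 9 of the restore input once as an error (reachable from OUTPUT) and once as a warning (reachable from FORWARD); deleting the two jump rules Steven removed makes both findings disappear, which matches the behaviour reported in the thread. The chain walk matters because the rule itself lives in a user chain: looking only at the chain named on the `-A` line would miss it.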
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel