[EMAIL PROTECTED] wrote:
> Hopefully this hasn't been asked a number of times.. I did some searching,
> and didn't come up with anything initially.
This is actually Shorewall FAQ #2 but it is disguised enough that you probably
didn't recognize it.
>
> Here is my info (modified slightly to make safe to broadcast):
So you believe in "security by obscurity"...
> Masq: (not sure if this is necessary..)
> eth0 0.0.0.0/0 175.31.30.10
It *is* necessary.
>
> When I try to ftp to the box from the outside (72.36.210.44), the
> connection is refused, and the following is in the log:
>
> Nov 10 16:25:17 revproxy kernel: Shorewall:FORWARD:REJECT:IN=eth0 OUT=eth0
> SRC=72.36.210.44 DST=10.111.46.4 LEN=60 TOS=0x10 PREC=0x00 TTL=48
> ID=61493 DF PROTO=TCP SPT=51483 DPT=21 WINDOW=5840 RES=0x00 SYN URGP=0A
From the answer to Shorewall FAQ 17 (Why are these packets being
Dropped/Rejected?/How do I decode Shorewall log messages?):
If the chain is FORWARD and the IN and OUT interfaces are the same, then
you probably need the 'routeback' option on that interface in
/etc/shorewall/interfaces or you need the 'routeback' option in the
relevant entry in /etc/shorewall/hosts.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
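The FAQ 17 rule quoted in the reply above, as an added example that is not part of the original message or of Shorewall itself: a small Python decoder that flags log entries where the chain is FORWARD and IN equals OUT. It assumes the default "Shorewall:<chain>:<disposition>:" log prefix; the function names are hypothetical, the first sample line is the log entry from the message joined onto one line and cut after SYN, and the other two are constructed.

```python
import re

# Assumed default Shorewall log prefix, followed by the kernel's KEY=VALUE fields.
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<disposition>[^:\s]+):")
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # value may be empty, e.g. "OUT= "


def decode(line):
    """Return chain, disposition and packet fields, or None if not a Shorewall line."""
    m = PREFIX.search(line)
    if m is None:
        return None
    entry = {"chain": m.group("chain"), "disposition": m.group("disposition")}
    entry.update(FIELD.findall(line[m.end():]))
    return entry


def needs_routeback(entry):
    """FAQ 17 rule: FORWARD chain with the same non-empty IN and OUT interface."""
    return (entry is not None and entry["chain"] == "FORWARD"
            and entry.get("IN", "") != "" and entry.get("IN") == entry.get("OUT"))


def triage(lines):
    """Return (interface, src, dst, dport) for every entry matching the rule."""
    hits = []
    for line in lines:
        e = decode(line)
        if needs_routeback(e):
            hits.append((e["IN"], e.get("SRC"), e.get("DST"), e.get("DPT")))
    return hits


SAMPLE = [
    # From the message above, joined onto one line and cut after SYN.
    "Nov 10 16:25:17 revproxy kernel: Shorewall:FORWARD:REJECT:IN=eth0 OUT=eth0 "
    "SRC=72.36.210.44 DST=10.111.46.4 LEN=60 TOS=0x10 PREC=0x00 TTL=48 "
    "ID=61493 DF PROTO=TCP SPT=51483 DPT=21 WINDOW=5840 RES=0x00 SYN",
    # Constructed: forwarded between two different interfaces (rule does not apply).
    "Nov 10 16:26:02 revproxy kernel: Shorewall:FORWARD:REJECT:IN=eth0 OUT=eth1 "
    "SRC=192.0.2.7 DST=198.51.100.9 LEN=60 PROTO=TCP SPT=40000 DPT=21 SYN",
    # Constructed: INPUT chain, so OUT is empty.
    "Nov 10 16:27:40 revproxy kernel: Shorewall:INPUT:DROP:IN=eth0 OUT= "
    "SRC=192.0.2.7 DST=198.51.100.9 LEN=40 PROTO=TCP SPT=40001 DPT=23 SYN",
]

if __name__ == "__main__":
    for iface, src, dst, dport in triage(SAMPLE):
        print(f"{src} -> {dst}:{dport} hairpins on {iface}: check 'routeback' "
              f"for {iface} in /etc/shorewall/interfaces or /etc/shorewall/hosts")
```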
