Jorge Daza García-Blanes wrote:
>
> I just saw that the rule is in "tcfor" and the IP is local so,
> shouldn't it be in "tcout" ?
Jorge,
You often have to read between the lines when dealing with Shorewall
problem reports. The ifconfig output that made you think the IP is local
was apparently obtained on a system other than where Shorewall is
running. I came to that conclusion by comparing that ifconfig output
with the dump attached to the same post.
The dump showed the following:
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc htb qlen 1000
    link/ether 00:40:f4:cb:33:75 brd ff:ff:ff:ff:ff:ff
    inet 201.89.170.10/29 brd 201.89.170.15 scope global eth0
    inet6 fe80::240:f4ff:fecb:3375/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:02:55:5e:fa:ff brd ff:ff:ff:ff:ff:ff
    inet 192.168.200.254/24 brd 192.168.200.255 scope global eth1
    inet6 fe80::202:55ff:fe5e:faff/64 scope link
       valid_lft forever preferred_lft forever
So it seems that the traffic in question is arriving on the firewall's
eth0 and being sent through eth1; hence, it will traverse the 'tcfor' chain.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
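
The check described in the message above, as an added example that is not part of the original post or of Shorewall: parse the firewall's own `ip addr` dump and decide whether a source address belongs to the firewall itself ('tcout') or to some other host whose traffic the firewall forwards ('tcfor'). The function names and the sample source addresses in the test are constructed, and the packet is assumed to be routed through the firewall to another host, as in the case discussed.

```python
import ipaddress
import re

# Interface and IPv4 lines copied from the dump quoted in the message above.
DUMP = """\
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc htb qlen 1000
    inet 201.89.170.10/29 brd 201.89.170.15 scope global eth0
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    inet 192.168.200.254/24 brd 192.168.200.255 scope global eth1
"""


def firewall_interfaces(dump):
    """Return {ifname: [IPv4Interface, ...]} parsed from `ip addr` output."""
    result, current = {}, None
    for line in dump.splitlines():
        head = re.match(r"\d+:\s+([^:@\s]+)", line)
        if head:
            current = head.group(1)
            result.setdefault(current, [])
            continue
        addr = re.match(r"\s*inet\s+(\d+\.\d+\.\d+\.\d+/\d+)", line)
        if addr and current:
            result[current].append(ipaddress.ip_interface(addr.group(1)))
    return result


def classify_source(dump, src):
    """Return (chain, reason) for a routed packet whose source is `src`."""
    ip = ipaddress.ip_address(src)
    ifaces = firewall_interfaces(dump)
    # An address configured on the firewall itself: locally generated traffic.
    for name, addrs in ifaces.items():
        if any(a.ip == ip for a in addrs):
            return "tcout", f"{src} is the firewall's own address on {name}"
    # On a directly connected subnet but not the firewall: a neighbouring host.
    for name, addrs in ifaces.items():
        if any(ip in a.network for a in addrs):
            return "tcfor", f"{src} is a host on {name}'s subnet, not the firewall"
    return "tcfor", f"{src} is not on any directly connected subnet"


if __name__ == "__main__":
    for sample in ("192.168.200.254", "192.168.200.10", "201.89.170.9"):
        print(sample, *classify_source(DUMP, sample))
```

Run it against the dump from the machine where Shorewall is actually running; output taken from any other host answers a different question.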
