On 1/3/07, Tom Eastep <[EMAIL PROTECTED]> wrote: > Port Forward/Redirect rules may be *inserted* (use the 'iptables -I' > command) into the nat table's PREROUTING chain. Such rules will preempt > anything that Shorewall has done. You will probably also have to insert an > appropriate ACCEPT rule into the filter table INPUT chain. >
Thanks Tom - thats what I needed... BTW, after getting bit by a co-lo provider that caches ARP addresses for _4 Hours_, I took your proxyarp advice to heart, and converted all the systems to proxy arp on the firewall. Works great! And thanks for shorewall! Its one of the nicest pieces of software I've used. Good docs, great features.. truly wonderful software :-) Steve ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
