Israel Santana wrote:
> Hi,
> 
> I'm trying to use conntrackd, shorewall and keepalived.
> 
> Conntrackd (now known as conntrack-tools) is working ok, keepalived too,
> but I don't know how to put some iptables rules in shorewall.
> 
> eth0 is the local area (192.168.0.0/24)
> eth1 is the net area (192.168.1.0/24)
> 
> [1] iptables -P FORWARD DROP
> [2] iptables -A FORWARD -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
> [3] iptables -A FORWARD -i eth1 -p tcp --syn -m state --state NEW -j ACCEPT
> [4] iptables -A FORWARD -i eth1 -p tcp -m state --state ESTABLISHED -j ACCEPT
> [5] iptables -I FORWARD -j LOG
> [6] iptables -I POSTROUTING -t nat -s 192.168.0.3 -j SNAT --to 192.168.1.100
> I guess in masq
> eth1 eth0 192.168.1.100
> 
> 
> Can someone help me?
>

/etc/shorewall/policy:

net     loc     DROP    info

/etc/shorewall/rules:

ACCEPT  net     loc     tcp:syn

/etc/shorewall/nat (Your rule would also work).

eth1    192.168.0.3     192.168.1.100

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
