Tom Eastep wrote: > If I recall correctly, the key element in Bob's setup was that the local > simple device didn't support setting a default route. So SNAT had to be used > on incoming traffic so that the device was able to reply.
Yes and no. That was certainly one way that it manifested as a problem. I was getting test devices with the os in rom that I could not change and they did not expect to see addresses from off of their local subnet. But also I *wanted* both source and destination addresses to be translated. Since it was not doing what I wanted it to do I kept working at it until it did. :-) I was quite happy with the result that I needed to specify separately that both translations needed to occur. I just needed to get to that point in my understanding. After I understood it then I was good to go. Also let me say that I am very happy with Shorewall. It has been a superior solution for me for quite a few years now. Thanks Tom! Bob ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
