Tom Eastep wrote:
Philip S. Hempel wrote:What happens with the configuration I have right now is the tcrules complain that dmz0 is down, that is not actually true, it just does not have an IP address. Does the traffic controlling in shorewall require an address to control the bandwidth?The attached patch should correct that problem.Secondly I thought that I could actually do rules between the interfaces over the bridge. Basically I wanted to control net0 to dmz0 and I thought this was possible but it seems that it doesn't work.I do get some blocking at dmz0 but I am not sure why. I seem to only be blocking on some things but it should be blocking on everything based on my config right now.There is nothing that I can do with that problem statement. It doesn't contain enough information to let us even understand the problem, let alone solve it. What we need is: a) The output of "shorewall dump" collected as described at http://www.shorewall.net/support.htm#Guidelines.
Sorry about that got a little ahead of myself.
b) A *concise* statement of what you tried, what you expected to happen and what you actually observed happening.
I get these errors as well in my syslog when restarting shorewall"physdev match: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for non-bridged traffic is not supported anymore."
OK, I just I did not expect the sip connections and others that the asterisk server initiates from behind the dmz were going to be allowed back in. I was expecting that when I started the asterisk server I would not see the connections being allowed back in from the viop provider, but they are.
In fact without the rules for allowing the sip or iax ports I cannot make a connection to the server behind the dmz with any voip clients from the net. So everything is working as expected in respect to net initiated connections.
And with the patch that was given to me by Tom, I actually have full control over the bandwidth from the dmz as well. This is great!
Thanks for the help. -- Philip S. Hempel Cell: 574-261-2878 Phone: 317-324-1108
status3.txt.bz2
Description: application/bzip
------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
