Philip S. Hempel wrote: >> > > I get these errors as well in my syslog when restarting shorewall > > "physdev match: using --physdev-out in the OUTPUT, FORWARD and > POSTROUTING chains for non-bridged traffic is not supported anymore."
That issue is addressed in Shorewall FAQ 64 (http://www.shorewall.net/FAQ.htm#faq64. > > > OK, I just I did not expect the sip connections and others that the > asterisk server initiates from behind the dmz were going to be allowed > back in. > I was expecting that when I started the asterisk server I would not see > the connections being allowed back in from the viop provider, but they are. What do you mean by "allowed back in"? Do you mean response traffic? Or do you mean related connections? The former are admitted by the fact that Shorewall configures a stateful firewall; the latter are permitted by the SIP conntrack module which Shorewall loads by default. > > In fact without the rules for allowing the sip or iax ports I cannot > make a connection to the server behind the dmz with any voip clients > from the net. > So everything is working as expected in respect to net initiated > connections. > > And with the patch that was given to me by Tom, I actually have full > control over the bandwidth from the dmz as well. This is great! > > Thanks for the help. So at this point, do you still have a problem that needs solving? It's unclear from your post. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
