pete wrote:
> On Tue, Oct 02, 2007 at 06:30:55AM -0700, Tom Eastep wrote:
>> pete wrote:
>>> Hi, We have some FreeBSD machines that have several IPs on them and
>>> running snmpd.
>>>
>>> The udp packets always return on the default IP even though they come in
>>> on different ones during an snmpget.
>>>
>>> What is the most efficient way to handle this shorewall on the client
>>> box?
>> Given what little you've told us, I can't even describe the problem let
>> alone any possible solution. See
>> http://www.shorewall.net/support.htm#Guidelines.
>
> Thanks, sorry I've attached what you requested.
>
> My issue is pretty simple, but the solution isn't for me.
>
> I have a box that runs shorewall with no rules. I just need it to be
> able to connect via an snmp client, like snmpget to a remote machine.
>
> Normal snmp connections are not a problem as shorewall/iptables keeps
> track of the connections, but I need to be able to connect to a machine
> that is receiving the connection on one IP and returning it on another.
>
> The server receiving the connection is not the issue, but it's my client
> machine's rules that are breaking it. If I turn off shorewall, the
> problem goes away.
>
> MYCLIENT(with shorewall) ---->161/udp----> PROBLEM_SERVER(receives on
> IP A)
>
> But when PROBLEM_SERVER receives it on IP A, it returns the udp packet
> on port 161 back over IP B which is the default interface's IP.
>
> PROBLEM_SERVER(sends on IP B) ---->161/udp----> [BLOCKED]// MYCLIENT(with
> shorewall)
>
> So MYCLIENT's shorewall doesn't allow the packet in, because it can't
> relate the connection to anything.
>
> I've tried many, many different configurations, and the docs seem to
> describe issues close to this, but I couldn't find anything that seems
> to address this type of situation.
>
> Any help would be appreciated.

I see no solution but this:

ACCEPT net:<IP B> fw udp - 161

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
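
The behaviour discussed in this thread, as an added example that is not part of the original messages: a small Python model of connection tracking on the client, showing why the reply sent from IP B matches no tracked flow and what the suggested rule admits. The addresses, the client port 40000 and the DROP policy for unmatched inbound packets are assumptions made up for the illustration.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

# Constructed sample addresses (documentation ranges), not taken from the thread.
CLIENT, IP_A, IP_B = "192.0.2.10", "198.51.100.1", "198.51.100.2"

class Firewall:
    """Client-side UDP filter: outbound allowed, inbound needs state or a rule."""
    def __init__(self, static_rules=()):
        self.expected = set()              # reply tuples the tracker is waiting for
        self.static_rules = list(static_rules)

    def send(self, pkt):
        # An outbound packet creates an entry keyed on the exact reversed tuple.
        self.expected.add(Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport))

    def receive(self, pkt):
        if pkt in self.expected:
            return "ACCEPT (ESTABLISHED)"
        if any(rule(pkt) for rule in self.static_rules):
            return "ACCEPT (rule)"
        return "DROP (policy)"             # assumed policy for unmatched inbound

def accept_from_ip_b(pkt):
    # Models: ACCEPT net:<IP B> fw udp - 161  (any dest port, source port 161)
    return pkt.src == IP_B and pkt.sport == 161

def demo():
    query = Packet(CLIENT, 40000, IP_A, 161)       # snmpget to IP A
    reply_a = Packet(IP_A, 161, CLIENT, 40000)     # what the tracker expects
    reply_b = Packet(IP_B, 161, CLIENT, 40000)     # what the server actually sends
    other = Packet(IP_B, 161, CLIENT, 5353)        # no query was sent from this port
    plain, patched = Firewall(), Firewall([accept_from_ip_b])
    plain.send(query)
    patched.send(query)
    return {
        "reply from A": plain.receive(reply_a),
        "reply from B, no rule": plain.receive(reply_b),
        "reply from B, with rule": patched.receive(reply_b),
        "other UDP from B:161": patched.receive(other),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:26} {verdict}")
```

The last case shows that the rule is stateless: it matches on source address and source port only, so it is not tied to an outstanding query.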
