On my router I have the following policy:

    loc  net  ACCEPT
    loc  $FW  ACCEPT
    loc  all  REJECT
    $FW  net  ACCEPT
    $FW  loc  REJECT
    $FW  all  REJECT
    net  $FW  DROP
    net  loc  DROP
    net  all  DROP
    all  all  REJECT

and the following rules:

    DNAT    net  loc:192.168.0.3  tcp   50000
    DNAT    net  loc:192.168.0.3  udp   50000
    ACCEPT  $FW  loc              icmp
    ACCEPT  $FW  net              icmp

And yet I'm able to ssh from a machine on the local network to the router via the external IP address. Does the router still know that I'm coming from the inside and thus allow it or is something wrong?

Also a bittorrent client works on 192.168.0.3 even though I'm forwarding a different port than the one the client is set to listen on. How can that be?

- Grant

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
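
Added example, not part of the original post: a simplified Python model of how the policy above is looked up. Shorewall takes the source zone from the interface a connection arrives on, treats any of the router's own addresses as the $FW zone, and uses the first matching policy line. The interface names, the router addresses and the /24 mask are assumptions, and the model covers only connections that match none of the rules (ssh matches none of the four listed).

```python
import ipaddress

# The policy from the post, one entry per line: SOURCE DEST POLICY.
POLICY = """
loc net ACCEPT
loc $FW ACCEPT
loc all REJECT
$FW net ACCEPT
$FW loc REJECT
$FW all REJECT
net $FW DROP
net loc DROP
net all DROP
all all REJECT
"""

# Assumptions, not taken from the post: interface names, router addresses, netmask.
IFACE_ZONE = {"eth0": "net", "eth1": "loc"}
FW_ADDRS = {ipaddress.ip_address("203.0.113.10"),  # external address (constructed)
            ipaddress.ip_address("192.168.0.1")}   # internal address (constructed)
LOC_NET = ipaddress.ip_network("192.168.0.0/24")   # assumed mask for 192.168.0.x

def parse_policy(text):
    """Return the policy as an ordered list of (source, dest, action)."""
    return [tuple(line.split()) for line in text.splitlines() if line.strip()]

def dest_zone(dst_ip):
    """Simplification: derive the destination zone from the address alone.
    Any address owned by the router, external or internal, is the $FW zone."""
    ip = ipaddress.ip_address(dst_ip)
    if ip in FW_ADDRS:
        return "$FW"
    return "loc" if ip in LOC_NET else "net"

def policy_for(in_iface, dst_ip, policy=None):
    """Return (source zone, dest zone, action) for a new connection.
    in_iface is the ingress interface; None means the router originated it."""
    src = IFACE_ZONE[in_iface] if in_iface else "$FW"
    dst = dest_zone(dst_ip)
    for p_src, p_dst, action in policy or parse_policy(POLICY):
        if p_src in (src, "all") and p_dst in (dst, "all"):
            return src, dst, action  # first matching line wins
    raise LookupError("no policy matched")

if __name__ == "__main__":
    print(policy_for("eth1", "203.0.113.10"))  # LAN host to the external IP
    print(policy_for("eth0", "203.0.113.10"))  # Internet host to the external IP
    print(policy_for("eth1", "198.51.100.7"))  # LAN host out to the Internet
```

In this model the ssh connection to the external address is loc to $FW because it arrives on the internal interface, while the same destination reached from the net interface falls under net to $FW. The loc to net line is the one that covers connections a LAN client opens outward.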
