On Sat, Dec 06, 2008 at 01:18:18AM -0800, Phillipus Gunawan wrote:
>
> RULES
> DNAT net loc:10.1.1.5 tcp 64198 64198
> REJECT net loc:10.1.1.1 tcp http http
>
>
Both of those rules will only affect traffic destined for port
{64198,http} on the specified host in the local zone *only* if the
source port for the connection at the remote end is originating from
port {64198,http}.

The solution is to eliminate the use of the source port column in your
rules.

Regards,

-Roberto

-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
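The check described in the reply above, as an added example that is not part of the original message or of Shorewall itself: a small linter that flags rules whose SOURCE PORT(S) column is populated and prints the rule with that column cleared. It assumes the standard rules column order (ACTION, SOURCE, DEST, PROTO, DEST PORT(S), SOURCE PORT(S), ...) and does not handle backslash line continuations; the function names and the sample file contents are constructed for illustration.

```python
# Added example: lint a Shorewall rules file for a populated SOURCE PORT(S) column.
# Assumed column order: ACTION SOURCE DEST PROTO DEST-PORT(S) SOURCE-PORT(S) ...

# Constructed sample: lines 2-3 are the rules from the post, 4-5 are well-formed.
SAMPLE_RULES = """\
# RULES
DNAT    net  loc:10.1.1.5  tcp  64198  64198
REJECT  net  loc:10.1.1.1  tcp  http   http
DNAT    net  loc:10.1.1.5  tcp  64198
ACCEPT  net  fw            tcp  ssh    -    # "-" leaves the source port unrestricted
"""

SPORT = 5  # zero-based index of the SOURCE PORT(S) column
DPORT = 4  # zero-based index of the DEST PORT(S) column


def parse_rule(line):
    """Return the columns of a rule line, or None for comments, blanks and directives."""
    body = line.split("#", 1)[0].strip()
    if not body or body.upper().startswith(("SECTION", "?")):
        return None
    return body.split()


def source_port_findings(text):
    """Return (line_no, rule, suggested_rule, same_as_dport) for each rule that
    only matches when the client connects from a specific source port."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        cols = parse_rule(line)
        if cols is None or len(cols) <= SPORT or cols[SPORT] == "-":
            continue
        fixed = list(cols)
        fixed[SPORT] = "-"           # keep later columns (e.g. ORIGINAL DEST) in place
        while fixed[-1] == "-":      # trailing placeholders are optional
            fixed.pop()
        same = cols[SPORT] == cols[DPORT]  # usually the dest port typed twice
        findings.append((line_no, " ".join(cols), " ".join(fixed), same))
    return findings


if __name__ == "__main__":
    for line_no, rule, fixed, same in source_port_findings(SAMPLE_RULES):
        hint = " (same as dest port)" if same else ""
        print(f"line {line_no}: source port set{hint}\n  was: {rule}\n  try: {fixed}")
```
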
