Thanks for your reply,

indeed, the rule:

DNAT    net    loc:10.1.1.5    tcp    64198

works perfectly, but none of these do:

REJECT    net    loc:10.1.1.1    tcp    http
REJECT    net    loc:10.1.1.1    tcp 80
DROP net    loc:10.1.1.1    tcp    http
DROP net    loc:10.1.1.1    tcp 80

or a combination with 'loc' only.

I tried each of the rules above, one by one,
but if I open my external IP address given by my ISP,
the connection is still there; it is not blocked or rejected.

Please help?


On Sat, Dec 06, 2008 at 01:18:18AM -0800, Phillipus Gunawan wrote:
> 
> RULES
> DNAT    net    loc:10.1.1.5    tcp    64198    64198
> REJECT    net    loc:10.1.1.1    tcp    http    http
> 
> 
Both of those rules will only affect traffic destined for port
{64198,http} on the specified host in the local zone *only* if the
source port for the connection at the remote end is originating from
port {64198,http}.

The solution is to eliminate the use of the source port column in your
rules.

Regards,

-Roberto

-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com 
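Roberto's point about the source-port column, as an added example that is not part of the thread: a small Python simulation of how the rule columns are matched against a connection (ACTION SOURCE DEST PROTO DPORT SPORT, simplified; the SERVICES table and the probe connections are constructed for the example). A rule with `http` in the SPORT column only matches a client that happens to connect from port 80, which a browser never does, so the connection falls through to the net->loc policy.

```python
# Added example (not from the thread): simplified matcher for Shorewall-style
# rules lines. Column order assumed: ACTION SOURCE DEST PROTO DPORT SPORT.
from dataclasses import dataclass

# Minimal service-name table, constructed for this example.
SERVICES = {"http": 80}


@dataclass
class Conn:
    src_zone: str   # zone the connection enters from, e.g. "net"
    dst_ip: str     # destination host in the local zone
    proto: str
    dport: int      # port the client connects TO
    sport: int      # port the client connects FROM (ephemeral in practice)


def port_matches(spec, port):
    """Empty or '-' matches any port; names are resolved via SERVICES."""
    if spec in ("", "-"):
        return True
    want = int(spec) if spec.isdigit() else SERVICES.get(spec)
    return port == want


def parse_rule(line):
    cols = line.split()
    cols += ["-"] * (6 - len(cols))          # missing trailing columns mean "any"
    action, src, dst, proto, dport, sport = cols[:6]
    dst_zone, _, dst_ip = dst.partition(":")  # "loc:10.1.1.1" -> zone + host
    return {"action": action, "src": src, "dst_zone": dst_zone,
            "dst_ip": dst_ip or None, "proto": proto,
            "dport": dport, "sport": sport}


def first_match(rules, conn):
    """Return the action of the first rule matching conn, else 'POLICY'."""
    for r in (parse_rule(line) for line in rules):
        if r["src"] != conn.src_zone or r["proto"] != conn.proto:
            continue
        if r["dst_ip"] and r["dst_ip"] != conn.dst_ip:
            continue
        if not port_matches(r["dport"], conn.dport):
            continue
        if not port_matches(r["sport"], conn.sport):   # the column that bites
            continue
        return r["action"]
    return "POLICY"  # no rule matched; the zone policy decides


WITH_SPORT = ["REJECT net loc:10.1.1.1 tcp http http"]  # rule as originally written
FIXED      = ["REJECT net loc:10.1.1.1 tcp http"]       # source-port column dropped

# Constructed probes: a real browser uses an ephemeral source port such as 51234.
browser = Conn("net", "10.1.1.1", "tcp", dport=80, sport=51234)
from_80 = Conn("net", "10.1.1.1", "tcp", dport=80, sport=80)
```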




_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
