On Sat, Dec 06, 2008 at 06:21:29AM -0800, Phillipus Gunawan wrote: > Thanks for your reply, > > indeed, the rule: > > DNAT net loc:10.1.1.5 tcp 64198 > > works perfectly, but either one of these are not > > REJECT net loc:10.1.1.1 tcp http > REJECT net loc:10.1.1.1 tcp 80 > DROP net loc:10.1.1.1 tcp http > DROP net loc:10.1.1.1 tcp 80 > > or combination with 'loc' only > > i tried each of the rules above, one by one, > but if I open my external ip address given by my isp, > the connection still there, not blocking or rejecting it > > please help? > Please submit the output of 'shorewall dump' *after* trying to connect to the HTTP port from outside of your network.
Regards, -Roberto -- Roberto C. Sánchez http://people.connexer.com/~roberto http://www.connexer.com
signature.asc
Description: Digital signature
------------------------------------------------------------------------------ SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
