Shorewall Geek wrote:
When marking rules don't work as expected, it is usually the result of failing to take into account which direction the packets are flowing relative to which way the connections were originally made. Your rules above will only mark outgoing packets from connections that originate behind the firewall. Outgoing packets from connections that originate on the net and connect to SSH servers behind the firewall will have SOURCE PORT == 22 rather than DEST PORT == 22.
Thanks for the replies. That makes sense. I was only trying for connections originating inside the network, but when that's working I will look at the other way.
If that is not the problem in your case, please submit the output of 'shorewall dump' collected as described at http://www.shorewall.net/support.htm#Guidelines.
Please see attached status.txt.bz2 Thanks
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
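The direction point from the quoted reply, as a small added model (not part of the original thread and not Shorewall code): it lists which outgoing packets a DEST PORT == 22 rule marks, with and without a companion SOURCE PORT == 22 rule. The zone labels, client ports and rule dictionaries are constructed for illustration.

```python
from dataclasses import dataclass

SSH = 22

@dataclass(frozen=True)
class Packet:
    src: str      # zone label, "lan" or "net" (constructed)
    dst: str
    sport: int
    dport: int

def connection(client_zone, server_zone, client_port, server_port=SSH):
    """Return the (client->server, server->client) packets of one TCP connection."""
    request = Packet(client_zone, server_zone, client_port, server_port)
    reply = Packet(server_zone, client_zone, server_port, client_port)
    return request, reply

def matches(rule, pkt):
    """A rule is a dict with optional 'dport' / 'sport' keys, standing in for
    the DEST PORT and SOURCE PORT conditions of a marking rule."""
    return all(getattr(pkt, field) == value for field, value in rule.items())

def marked_outgoing(rules, packets):
    """Outgoing (lan -> net) packets that at least one rule would mark."""
    return [p for p in packets
            if p.src == "lan" and p.dst == "net"
            and any(matches(r, p) for r in rules)]

# Constructed sample traffic: one SSH session in each direction.
out_req, out_rep = connection("lan", "net", 40001)  # LAN client -> SSH server on the net
in_req, in_rep = connection("net", "lan", 50002)    # net client -> SSH server on the LAN
TRAFFIC = [out_req, out_rep, in_req, in_rep]

DPORT_ONLY = [{"dport": SSH}]                       # marks only LAN-originated sessions
BOTH_DIRECTIONS = [{"dport": SSH}, {"sport": SSH}]  # also marks replies of LAN servers

if __name__ == "__main__":
    for name, rules in (("dport only", DPORT_ONLY),
                        ("dport + sport", BOTH_DIRECTIONS)):
        print(name)
        for pkt in marked_outgoing(rules, TRAFFIC):
            print("   marked:", pkt)
```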
