[email protected] wrote:
> Def. Quota Tom Eastep <[email protected]>:
> 
>>>
>>> Which Shorewall version?
>>> Shorewall-shell or Shorewall-perl?
>>
>> It would also be good to include the output of 'shorewall show mangle'
>> (as an attachment) when the non-working entry in /etc/shorewall/tcrules
>> is present.
>>
> 
> Shorewall is shorewall-perl 4.2.9
> 
> Attached 2 files:
> with_tcrules.gz when using /etc/shorewall/tcrules
> and
> without_tcrules.gz when using 2 line iptables in /etc/shorewall start.

I see no reason why the entry in tcrules should not work just like your
manually-added rule. They are exactly the same rule at the iptables
level -- in the case of the tcrules entry, the rule is only traversed on
the first output packet in a connection while your rule is traversed by
every packet originating from the firewall.

Given that there is no USER/GROUP column in the masq file, there is
currently no way to replace the second iptables rule exactly using
standard Shorewall file entries. Is the purpose of the rule to give
proxy traffic a different SOURCE IP address?

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
