Hi Tom,

of course I haven't cabled them wrong... otherwise no rules would work ;) So the cabling is OK. The "WAN" side is connected to a DSL modem, the "LAN" side is connected to a switch. Everything but "tcpdump before rule is active" works.

I do the following: A client calls me because he can't do online banking (for example). I know the special software uses TCP port 8000. So I open port 8000 for that client from inside to outside. I restart Shorewall (/etc/init.d/shorewall restart). After that action I try on the client side whether I can connect to port 8000... but it didn't work. So I want to find out why I can't connect. I do a tcpdump on the firewall (example in last email). After that action the rule works. I try that with several rules. Same procedure every time.

1. What I will try next week: Does it also work if I don't start tcpdump in promiscuous mode?

Thanks for your answer!

Best regards,
Kai.

PS: I use Shorewall version 4.0.15, Linux kernel 2.6.26-2-amd64, iptables v1.4.2.
