I have this rule in place:
--------------------------------------
DNAT net dmz:10.0.0.7 tcp 80,443 - 94.23.242.44
--------------------------------------
When I change this policy:
--------------------------------------
net dmz DROP
--------------------------------------
to:
--------------------------------------
net dmz DROP info 8/sec:30
--------------------------------------
I see some drops in the logs, which results in some timeouts, although most of the traffic from 94.23.242.44 is well redirected to 10.0.0.7.
--------------------------------------
Jan 20 19:24:29 ks309069 kernel: Shorewall:net2dmz:DROP:IN=eth0 OUT=vmbr0 SRC=74.127.214.2 DST=10.0.0.7 LEN=52 TOS=0x00 PREC=0x00 TTL=244 ID=7235 DF PROTO=TCP SPT=49967 DPT=80 WINDOW=32768 RES=0x00 SYN URGP=0
Jan 20 19:24:40 ks309069 kernel: Shorewall:net2dmz:DROP:IN=eth0 OUT=vmbr0 SRC=90.26.201.69 DST=10.0.0.7 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=18626 DF PROTO=TCP SPT=61468 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
--------------------------------------
Isn't the rule sufficient to forward all http/https requests to 94.23.242.44 to be redirected to the virtual server at 10.0.0.7?

Regards,
Eric Desgranges.

PS. shorewall version 4.4.6.
