On 3/25/11 8:42 AM, James wrote:

> Mar 25 11:13:44 iron2 kernel: Shorewall:FORWARD:REJECT:IN=br0 OUT=br0
> PHYSIN=vnet0 PHYSOUT=tap0 SRC=192.168.123.6 DST=8.8.8.8 LEN=84 TOS=0x00
> PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=62215 SEQ=1
>
> /etc/shorewall/masq:
> eth4 br0 # masquerade the dmz out to the net

You really should replace 'br0' with the corresponding subnet address.

> /etc/shorewall/interfaces:
> net eth4 detect tcpflags,routefilter,nosmurfs,logmartians
> dmz br0 detect bridge,optional
>
> Please could you point me in the right direction as to the correct
> rules/and or policies I need to add. I was guessing perhaps 'routeback'
> on the br0 in interfaces, is this right?

Yes -- please see Shorewall FAQs 17 and 35. Also, which Shorewall version
are you running? In the later versions, the *bridge* option should
automatically imply *routeback* and your /etc/shorewall/masq entry elicits
a WARNING.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
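
An added example, not part of the original message or of Shorewall itself: a small log triage script that finds the pattern discussed in this thread, a packet rejected or dropped while entering and leaving the same logical interface (IN equals OUT), and reports the bridge ports involved. The function names are hypothetical; the first sample line is the one quoted above and the other two are constructed for contrast.

```python
import re

# Shorewall log prefix: "Shorewall:<chain>:<disposition>:" then netfilter KEY=VALUE fields.
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<disp>[^:\s]+):")
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

# First line is the one quoted in the thread; the other two are constructed samples.
SAMPLE_LOG = """\
Mar 25 11:13:44 iron2 kernel: Shorewall:FORWARD:REJECT:IN=br0 OUT=br0 PHYSIN=vnet0 PHYSOUT=tap0 SRC=192.168.123.6 DST=8.8.8.8 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=62215 SEQ=1
Mar 25 11:14:02 iron2 kernel: Shorewall:net2fw:DROP:IN=eth4 OUT= SRC=203.0.113.9 DST=198.51.100.2 LEN=40 TTL=51 ID=4711 PROTO=TCP SPT=4431 DPT=23
Mar 25 11:14:09 iron2 sshd[2211]: Accepted publickey for admin from 192.0.2.10
"""

def parse(line):
    """Return chain, disposition and KEY=VALUE fields of a Shorewall log line, or None."""
    m = PREFIX.search(line)
    if not m:
        return None
    rec = {"chain": m.group("chain"), "disposition": m.group("disp")}
    for key, value in FIELD.findall(line[m.end():]):
        rec.setdefault(key, value)  # ID= occurs twice (IP id, ICMP id); keep the first
    return rec

def is_same_interface_block(rec):
    """True if the packet was blocked while IN and OUT name the same interface."""
    if rec is None or rec["disposition"] not in ("REJECT", "DROP"):
        return False
    return bool(rec.get("IN")) and rec.get("IN") == rec.get("OUT")

def find_routeback_candidates(log_text):
    """List interfaces (with bridge ports, if logged) where hairpin traffic was blocked."""
    hits = []
    for line in log_text.splitlines():
        rec = parse(line)
        if is_same_interface_block(rec):
            hits.append({
                "interface": rec["IN"],
                "ports": (rec.get("PHYSIN"), rec.get("PHYSOUT")),
                "chain": rec["chain"],
                "src": rec.get("SRC"),
                "dst": rec.get("DST"),
            })
    return hits

if __name__ == "__main__":
    for hit in find_routeback_candidates(SAMPLE_LOG):
        print("blocked on {interface} between ports {ports}: {src} -> {dst} ({chain})".format(**hit))
```

Each hit names an interface whose /etc/shorewall/interfaces entry is worth checking for the routeback option, as asked and confirmed in the exchange above.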
