On 08/06/2013 04:54 PM, Tom Eastep wrote:
> On 8/6/2013 10:11 AM, Pete Geenhuizen wrote:
> Why don't you simply have an ACCEPT policy from $FW to net? In
> /etc/shorewall/policy:
>
> $FW net ACCEPT

Thanks Tom for the suggestion, and please forgive my ignorance, but
wouldn't this open the firewall to anything?
Anyway I gave it a shot, but unfortunately it didn't make any
difference, still no joy.

> Placing DNS names in your configuration is a really bad idea. See:

I agree completely and that wasn't what I wanted to do, which is one
reason why I was asking for help.
Perhaps I have something else in the rules file creating a problem, so
here are the rules that I have
SECTION NEW
ACCEPT net $FW
DNAT net loc:XXX.XXX.XXX.13 tcp 22 2222
DNAT net loc:XXX.XXX.XXX.2 tcp http,https,imap,imaps,smtp
Invalid(DROP) net all
DNS(ACCEPT) $FW net
SSH(ACCEPT) loc $FW
Ping(ACCEPT) loc $FW
Ping(DROP) net $FW
ACCEPT $FW loc icmp
ACCEPT $FW net icmp
--
Unencumbered by the thought process.
-- Click and Clack the Tappet brothers
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
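
An ordering check over the rules file posted in the message above, as an added example that is not part of the original message and not a Shorewall tool. It relies on Shorewall evaluating rules for a zone pair in file order with the first match deciding; it compares exact zone pairs only (it does not expand `all`), and the function names are made up for the example.

```python
# Added example: a constructed lint pass, not a Shorewall tool.
# RULES is the rules file exactly as posted in the message above.
RULES = """\
SECTION NEW
ACCEPT net $FW
DNAT net loc:XXX.XXX.XXX.13 tcp 22 2222
DNAT net loc:XXX.XXX.XXX.2 tcp http,https,imap,imaps,smtp
Invalid(DROP) net all
DNS(ACCEPT) $FW net
SSH(ACCEPT) loc $FW
Ping(ACCEPT) loc $FW
Ping(DROP) net $FW
ACCEPT $FW loc icmp
ACCEPT $FW net icmp
"""

TERMINAL = {"ACCEPT", "DROP", "REJECT"}  # plain actions that end evaluation


def parse(text):
    """Yield (lineno, action, source, dest, proto) for each rule line."""
    for lineno, line in enumerate(text.splitlines(), 1):
        cols = line.split("#", 1)[0].split()
        if len(cols) < 3 or cols[0].lstrip("?") == "SECTION":
            continue
        proto = cols[3] if len(cols) > 3 and cols[3] != "-" else None
        yield lineno, cols[0], cols[1], cols[2], proto


def lint(text):
    """Return (blanket, shadowed): unrestricted rules and the rules they hide."""
    blanket, shadowed, seen = [], [], {}
    for lineno, action, src, dst, proto in parse(text):
        pair = (src.split(":")[0], dst.split(":")[0])  # zone names only
        if pair in seen:
            shadowed.append((lineno, seen[pair]))
        elif action in TERMINAL and proto is None and ":" not in src + dst:
            # No host, protocol or port restriction: matches the whole pair.
            blanket.append(lineno)
            seen[pair] = lineno
    return blanket, shadowed


if __name__ == "__main__":
    blanket, shadowed = lint(RULES)
    for n in blanket:
        print(f"line {n}: matches every new connection for its zone pair")
    for n, by in shadowed:
        print(f"line {n}: never reached, line {by} matches first")
```
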