Hi, Many thanks, that was the issue, my setup is now working fine !
Cheers Christophe Le 27 juil. 2013 à 16:54, Tom Eastep <[email protected]> a écrit : > On 07/26/2013 01:39 AM, Christophe Ségui wrote: >> Another (important detail) : Setup is working when client node try to reach >> a web server located in netB but not for an internet web server…. >> routefilter=0 and logmartians=0 options are set for FW interface on netB > > If you want selective route filtering, then you want ROUTE_FILTER=No in > shorewall.conf. The effective setting for each interface is the *maximum* of > the setting for that interface (/proc/sys/net/ipv4/<interface>/rp_filter) and > the all setting (/proc/sys/net/ipv4/all/rp_filter). From The > Documentation/networking/ip-sysctl file: > > rp_filter - INTEGER > 0 - No source validation. > 1 - Strict mode as defined in RFC3704 Strict Reverse Path > Each incoming packet is tested against the FIB and if the > interface > is not the best reverse path the packet check will fail. > By default failed packets are discarded. > 2 - Loose mode as defined in RFC3704 Loose Reverse Path > Each incoming packet's source address is also tested against the > FIB > and if the source address is not reachable via any interface > the packet check will fail. > > Current recommended practice in RFC3704 is to enable strict mode > to prevent IP spoofing from DDos attacks. If using asymmetric routing > or other complicated routing, then loose mode is recommended. > > The max value from conf/{all,interface}/rp_filter is used > when doing source validation on the {interface}. > > Default value is 0. Note that some distributions enable it > in startup scripts. > > Note that Debian is one of those distributions. > > I'll try to make this clearer in the Shorewall documentation. > > -Tom > -- > Tom Eastep \ When I die, I want to go like my Grandfather who > Shoreline, \ died peacefully in his sleep. Not screaming like > Washington, USA \ all of the passengers in his car > http://shorewall.net \________________________________________________ > ------------------------------------------------------------------------------ > See everything from the browser to the database with AppDynamics > Get end-to-end visibility with application monitoring from AppDynamics > Isolate bottlenecks and diagnose root cause in seconds. > Start your free trial of AppDynamics Pro today! > http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk_______________________________________________ > Shorewall-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/shorewall-users
smime.p7s
Description: S/MIME cryptographic signature
------------------------------------------------------------------------------ Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! Discover the easy way to master current and previous Microsoft technologies and advance your career. Get an incredible 1,500+ hours of step-by-step tutorial videos with LearnDevNow. Subscribe today and save! http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
