On 7/15/2014 10:42 AM, [email protected] wrote:
> Tom,
>
> on my HOME/OFC FIREWALL
>
>   ---------------------
>   HOME/OFC FIREWALL + Shorewall firewall
>     eth0: D.D.D.2/29
>     eth1: 192.168.1.2/24
>     tun0: 172.20.0.2/24
>     loc:  127.0.0.1/8
>   ---------------------
>
> /interfaces
>   #ZONE INTERFACE OPTIONS
>   net   eth0      tcpflags,nosmurfs,logmartians=1,routefilter=1,sourceroute=0
>   int   eth1      logmartians=1,routefilter=1
>   loc   lo
>   -     tun+      -
>
> /hosts
>   #ZONE HOST(S) OPTIONS
>   vpn1  tun+:172.20.0.0/24
>
> your suggestion to add to HOME/OFC FIREWALL
>
> /rules
>   ...
>   ACCEPT vpn1              loc:192.168.1.50 tcp 25,587
>   DNAT   loc:192.168.1.50  vpn1:172.20.0.1  tcp 25
>   ...
>
> is addressing the LAN mailserver @192.168.1.50 in "loc" zone.
>
> 192.168.1.50 is in the "int" zone, isn't it? shouldn't that be
>
> /rules
>   ...
>   ACCEPT vpn1              int:192.168.1.50 tcp 25,587
>   DNAT   int:192.168.1.50  vpn1:172.20.0.1  tcp 25
>   ...

Yes.

Out of curiosity, why do you have ipv4 zone 'loc' associated with 'lo'?
That is disallowed by recent versions of Shorewall.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
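The zone mix-up discussed in this message can be caught mechanically. The following Python sketch is an added example, not part of the original thread and not Shorewall code: it resolves which zone an address falls in from the interfaces and hosts entries quoted above and flags rules whose zone prefix disagrees. It assumes directly connected hosts and a simplified column parser; the function names are hypothetical, and the redacted eth0 address is left out.

```python
import ipaddress
# Constructed from the configuration quoted in the message (eth0 is redacted there).
ADDRS = {"eth1": "192.168.1.2/24", "tun0": "172.20.0.2/24", "lo": "127.0.0.1/8"}
INTERFACES = """#ZONE INTERFACE OPTIONS
net eth0 tcpflags,nosmurfs,logmartians=1,routefilter=1,sourceroute=0
int eth1 logmartians=1,routefilter=1
loc lo
- tun+ -
"""
HOSTS = """#ZONE HOST(S) OPTIONS
vpn1 tun+:172.20.0.0/24
"""

def rows(text):
    # Yield the whitespace-split columns of every non-comment, non-empty line.
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line.split()

def iface_matches(pattern, name):
    """Wildcard as used in the quoted config: 'tun+' matches tun0, tun1, ..."""
    return name.startswith(pattern[:-1]) if pattern.endswith("+") else pattern == name

def zone_of(ip):
    """Zone of a directly connected address, or None if it cannot be placed."""
    ip = ipaddress.ip_address(ip)
    for name, cidr in ADDRS.items():
        if ip not in ipaddress.ip_interface(cidr).network:
            continue
        for zone, spec in (r[:2] for r in rows(HOSTS)):  # hosts entries first (simplification)
            pat, net = spec.split(":", 1)
            if iface_matches(pat, name) and ip in ipaddress.ip_network(net):
                return zone
        for zone, pat in (r[:2] for r in rows(INTERFACES)):
            if zone != "-" and iface_matches(pat, name):
                return zone
    return None

def zone_mismatches(rules):
    """Return (written_zone, address, actual_zone) for each wrong zone prefix."""
    bad = []
    for cols in rows(rules):
        for field in cols[1:3]:  # SOURCE and DEST columns
            if ":" in field:
                zone, addr = field.split(":", 1)
                actual = zone_of(addr)
                if actual != zone:
                    bad.append((zone, addr, actual))
    return bad
```

Run against the two rule sets in the message, `zone_mismatches` reports the `loc:192.168.1.50` entries as belonging to `int` and returns nothing for the corrected rules.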
