Re: [Shorewall-users] mangle/rtrules problem

Thu, 27 Oct 2016 14:39:07 -0700 

Everything in shorewall.conf I didn't seem to need or fully understand I
left as out-of-the-box. MARK_IN_FORWARD_CHAIN is set to no so the
default prerouting chain would appear to be correct.

Does Wireshark cohabit comfortably with Shorewall if I wanted to
actually see the packets coming in or going out? I presume it monitors
the raw socket rather than going anywhere near the IP stack. Or can I
use a LOG action  to show routing decisions, including those in rtrules?
(I have limited access to the machine so I'm afraid I can't just go and
try it.)

Regards - Philip

On 27/10/2016 21:26, Tom Eastep wrote:
> On 10/27/2016 12:29 PM, Philip Le Riche wrote:
> > As I said, traceroute is being used on the Pis, not the firewall,
> > so after leaving a raw socket on a Pi they should still hit the IP
> > stack on the firewall and get filtered and routed by Shorewall like
> > anything else. My question remains.
>
> > Useful to know about traceroute and raw sockets though - like many
> > things, obvious when you think about it. I was going to set up
> > similar rules with $FW as source  purely for testing and
> > diagnostics.
>
> Okay -- what are the setting of MARK_IN_FORWARD_CHAIN? If it is Yes,
> then you need to alter your mark rules to include the :P chain designator.
>
> -Tom
>
> >
------------------------------------------------------------------------------
> The Command Line: Reinvented for Modern Developers > Did the
resurgence of CLI tooling catch you by surprise? > Reconnect with the
command line and become more productive. > Learn the new .NET and
ASP.NET CLI. Get your free copy! > http://sdm.link/telerik >
_______________________________________________ > Shorewall-users
mailing list > [email protected] >
https://lists.sourceforge.net/lists/listinfo/shorewall-users >



------------------------------------------------------------------------------
The Command Line: Reinvented for Modern Developers
Did the resurgence of CLI tooling catch you by surprise?
Reconnect with the command line and become more productive. 
Learn the new .NET and ASP.NET CLI. Get your free copy!
http://sdm.link/telerik
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to