The "routeback" option tells Shorewall to build chains to manage int <-> int traffic. With "routeback", your policy should take effect as well as any rules like:

DROP int int tcp snmp

As far as Windows name resolution, I run Samba with "wins support = yes" and at DHCP time pass out "option netbios-name-servers".

Bill

On 12/27/2016 4:14 PM, Alex wrote:
> Hi,
>
> On Thu, Dec 22, 2016 at 11:32 PM, Bill Shirley
> <[email protected]> wrote:
>> I've seen this on a couple of networks I administer. I think it's Winwoes 10
>> related. I began seeing this behavior about the time Microsoft started
>> rolling out Winwoes 10.
>>
>> My theory is that Winwoes 10 is looking up the printer name via DNS and then
>> assuming that the printer will always have that address. I'm thinking it
>> re-configures itself to access the printer strictly by IP address. Then when
>> the printer gets a different IP address (DHCP), it can't look up the MAC
>> address via arp. So it decides to let the gateway do the work of forwarding
>> the request (which it can't do because the printer isn't at that address
>> anymore). Currently I just DROP this nonsense.
>>
>> Look at the printer configuration on the Windows machine and see if it has a
>> hard coded IP address.
> Only now seeing this. Yes, you are correct, the printer is hard-coded.
> I've now fixed it by just dropping them. I also implemented Tom's
> suggestion of using "routeback" on the internal interface, but I'm now
> noticing it didn't fix it.
>
> I'm curious why the routeback option didn't work?
>
> It's a samba printer, so I had trouble browsing by name. Would
> figuring out the issue I have with browsing by name be the right fix?
>
> Thanks,
> Alex

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
