> On Wed, Oct 7, 2020 at 1:31 PM Simon Matter <simon.mat...@invoca.ch>
> wrote:
>>
>> > Hi,
>> >
>> > If my rules allow HTTP and HTTPS access (ports 80, 443) with an ACCEPT
>> > rule such as the following
>> >
>> > ACCEPT lan1:10.215.144.0/23 wan tcp,udp 80,443
>> >
>> > I'd like to know why I am seeing the following in the shorewall log
>> > when a user accesses a web page:
>> >
>> > kernel: Shorewall:wan-lan1:DROP:IN=wan OUT=lan.1
>>
>> Just an idea, is there some VLAN involved or why is the out interface
>> named lan.1?
>
> Yes, the HTTP client made a request from VLAN 1 (lan.1) to WAN. The
> reply is rightfully coming from wan and going to lan.1.
> Why do you ask?
> My interfaces file contains:
>
> lan ${IF_LAN} routeback,arp_filter=1,proxyarp=1
> lan1 ${IF_LAN}.1 routeback,arp_filter=1,proxyarp=1

I thought maybe there is a mismatch in the LAN/VLAN config.

Simon

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users