Re: [Fwbuilder-discussion] NAT with dynamic address does not compile
From: Erich T. <eri...@th...> - 2004-09-21 06:57:39
Vadim

At 08:49 20.09.2004 -0700, you wrote:
>>..
>>This does not appear to work correctly (under iptables). When I use the generated rules on the policy table for eth0 _and_ specify eth0 as the source the respective messages get blocked. When I remove the eth0 object from the rule, the message passes. The message in question is UDP (domain) and http originating on the firewall.
>
>your description does not seem to indicate NAT is involved, yet you asked about NAT in the beginning.

You are right, I was not clear. The compiler reported the

Since the dynamically configured interface may _not_ have an address anymore I have to remove this address from the interface, which strips this also from other rules, in my case from the rules controlling eth0. If I set the source for these rules to the interface proper it appears that the messages do not pass through the firewall anymore as they are caught by the catch all rule.

>...
>I guess I need to see the rules

Is there a way to get at the rules without loading them to the firewall? I cannot seem to find the generated .fw files on the fwbuilder system anymore.

cheers
Erich

THINK
Püntenstrasse 39
8143 Stallikon
mailto:eri...@th...
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16