From: Tom E. <te...@sh...> - 2006-12-29 23:42:31
Jorge Daza García-Blanes wrote:
>
> I just saw that the rule is in "tcfor" and the IP is local so,
> shouldn't it be in "tcout" ?

Jorge,

You often have to read between the lines when dealing with Shorewall
problem reports. The ifconfig output that made you think the IP is local
was apparently obtained on a system other than where Shorewall is running.
I came to that conclusion by comparing that ifconfig output with the dump
attached to the same post. The dump showed the following:

2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc htb qlen 1000
    link/ether 00:40:f4:cb:33:75 brd ff:ff:ff:ff:ff:ff
    inet 201.89.170.10/29 brd 201.89.170.15 scope global eth0
    inet6 fe80::240:f4ff:fecb:3375/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:02:55:5e:fa:ff brd ff:ff:ff:ff:ff:ff
    inet 192.168.200.254/24 brd 192.168.200.255 scope global eth1
    inet6 fe80::202:55ff:fe5e:faff/64 scope link
       valid_lft forever preferred_lft forever

So it seems that the traffic in question is arriving on the firewall's
eth0 and being sent through eth1; hence, it will traverse the 'tcfor' chain.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ te...@sh...
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key