Hi all,

This is a strange one.

The Zones:

    Eth0 = net
    Eth1 = loc
    Eth2 = dmz

The policy is REJECT or DROP every connection.

In the static NAT file I have

    <NetZoneIP> eth0 <LocZoneIP> NO NO
    <NetZoneIP> eth1 <LocZoneIP> NO NO

In RULES I have

    ACCEPT net loc:<LocZoneIP> tcp 80
    ACCEPT loc loc:<LocZoneIP> tcp 80

I realise that the second rule is not needed, I can just go to the <LocZoneIP>, but it means we can test it from within the building, and not require an external connection.

In the logs I get:

    Nov 21 14:04:35 firewall Shorewall:FORWARD:REJECT: IN=eth1 OUT=eth1 AC=00:20:af:bf:80:8a:00:b0:d0:9b:fc:43:08:00 SRC=192.168.27.19 DST=192.168.27.4 LEN=48 TOS=00 PREC=0x00 TTL=127 ID=14205 DF PROTO=TCP SPT=2692 DPT=80 SEQ=3116802762 ACK=0 WINDOW=64512 SYN URGP=0

Even though it's a pointless rule, should I be able to get this to work?

"Shorewall:FORWARD:REJECT:" : I don't know what this means, I'm used to seeing loc2net, net2fw. What rule or policy would this be hitting?

James.

------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
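As an added diagnostic, not part of the original post or of Shorewall itself: a small parser for netfilter log lines in the format quoted above. It pulls the chain and disposition out of the "Shorewall:<chain>:<disposition>:" prefix and flags packets that were forwarded back out the interface they arrived on (IN equal to OUT), which is what the loc-to-loc test in the post produces. The two sample lines are constructed from the one in the post.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample 1: the line quoted in the post (forwarded eth1 -> eth1).
SAMPLE_HAIRPIN = (
    "Nov 21 14:04:35 firewall Shorewall:FORWARD:REJECT: IN=eth1 OUT=eth1 "
    "AC=00:20:af:bf:80:8a:00:b0:d0:9b:fc:43:08:00 SRC=192.168.27.19 "
    "DST=192.168.27.4 LEN=48 TOS=00 PREC=0x00 TTL=127 ID=14205 DF PROTO=TCP "
    "SPT=2692 DPT=80 SEQ=3116802762 ACK=0 WINDOW=64512 SYN URGP=0"
)
# Constructed sample 2: a zone-pair chain (net2fw) with an empty OUT=, as
# netfilter writes for packets addressed to the firewall itself.
SAMPLE_TO_FW = (
    "Nov 21 14:05:01 firewall Shorewall:net2fw:DROP: IN=eth0 OUT= "
    "SRC=203.0.113.9 DST=198.51.100.2 LEN=48 TOS=00 PREC=0x00 TTL=52 "
    "ID=7 DF PROTO=TCP SPT=4011 DPT=22 SYN URGP=0"
)

PREFIX_RE = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<disp>[^:\s]+):")
KV_RE = re.compile(r"\b([A-Z]+)=(\S+)")   # KEY=value pairs; bare flags (DF, SYN) skipped


@dataclass
class FwEvent:
    chain: str          # chain holding the LOG rule: FORWARD, or a zone pair like net2fw
    disposition: str    # REJECT / DROP / ACCEPT as logged
    fields: dict = field(default_factory=dict)


def parse_shorewall_log(line: str) -> Optional[FwEvent]:
    """Return the event for a Shorewall-prefixed netfilter log line, else None."""
    m = PREFIX_RE.search(line)
    if not m:
        return None
    return FwEvent(m.group("chain"), m.group("disp"), dict(KV_RE.findall(line[m.end():])))


def is_hairpin(ev: FwEvent) -> bool:
    """True when the packet left through the same interface it came in on."""
    inn, out = ev.fields.get("IN"), ev.fields.get("OUT")
    return bool(inn) and inn == out


def describe(ev: FwEvent) -> str:
    """One-line reading of where the packet was handled and why it stands out."""
    flow = f"{ev.fields.get('SRC')} -> {ev.fields.get('DST')} {ev.fields.get('PROTO')}/{ev.fields.get('DPT')}"
    where = "catch-all in the FORWARD chain (no zone-pair chain took it)" if ev.chain == "FORWARD" else f"zone-pair chain {ev.chain}"
    note = "; same-interface forward (intra-zone)" if is_hairpin(ev) else ""
    return f"{ev.disposition} {flow} via {where}{note}"


if __name__ == "__main__":
    for line in (SAMPLE_HAIRPIN, SAMPLE_TO_FW):
        print(describe(parse_shorewall_log(line)))
```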
