On Thursday 18 December 2003 03:36 am, Ray Olszewski wrote:
>
> If (a) then there is a rule missing in the net2all chain to ACCEPT the
> traffic (or possibly one somewhere else that directs it to a different
> chain ... but still, it needs to be ACCEPT'ed *somewhere* in the default
> table).

net2all is the chain that enforces Josh's 'net->all' policy. Entries in the rules file would never add entries there. The DNAT rule in question generates an ACCEPT rule in the net2loc chain. At the end of that chain is a jump to net2all.

Josh has sent me the equivalent of the output of "shorewall show nat". It shows the correct DNAT rule to be invoked out of the PREROUTING hook but it appears that the packet is somehow not matching that rule...

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
