Hej Erich, thanks a lot for taking part!
Am 09.07.2015 um 18:45 schrieb Erich Titl: > Hi Boris > > Am 09.07.2015 um 18:13 schrieb Boris: >> Hej LEAF-user, >> >> >> no troubles since years (thank you all!!) but now I found a new phenomen >> and do not know how to handle - hope to find some help in here.... >> >> I'm running an older leaf box as router and firewall (3.1) and use a >> name-based rule in shorewall to filter some stuff, something like >> >> ACCEPT loc net:www.gmx.de all > > AFAIK this notation has been deprecated a long time ago. > See > > http://shorewall.net/configuration_file_basics.htm#dnsnames > Yes, I know... I should switch to the new syntax that would spell like Web/ACCEPT loc net:www.gmx.de In fact, I'm trying to make a service on ports 80 and 443 reachable. >> >> Now some weeks ago, the service from www.gmx.de (this is an example!) >> became unstable at the client and I finally found out that the IP behind >> the name www.gmx.de changes from time to time. Also, nslookup tells me >> something about a 'canonical name' which I didn't realize at other hosts: > > So you may have run into the above. > > Solutions.... > > You could try to assemble a list of IP addresses for the service you > want to access. I would not recommend that. > > Better you should use rules for specific services, allow those services > unrestricted or to a group of addresses you trust. > OK, I'm with you! I didn't mention that the service is running on ports 80 an d 443 and that the clients ar supposed to be non-surfing clients! So, solution #1 is the way to go?? Thanks again, Boris ------------------------------------------------------------------------------ Don't Limit Your Business. Reach for the Cloud. GigeNET's Cloud Solutions provide you with the tools and support that you need to offload your IT needs and focus on growing your business. Configured For All Businesses. Start Your Cloud Today. https://www.gigenetcloud.com/ ------------------------------------------------------------------------ leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
