On 12/30/2009 02:40:03 AM, Jordi Espasa Clofent wrote:
> > I'm not paying much attention to the rest of your
> > rules, but note that traffic
> > going out the internal interface is coming from the
> > Internet and so is _inbound_ traffic not outbound
> > traffic as the comment would indicate.  (You have other
> > inbound quick rules in your ruleset so you can't just
> > change out to in here and expect it to work.)
> 
> Ok Karl, thanks.
> I think I've a problem of misconception.
> 
> So, I understand that this schema
> 
> Internet ---bge1 --- bge0 --- LAN
> 
> means at least 4 kinds of traffic from the bge0 ruleset's point of view:

There is no bge0 point of view, there is only the point
of view of the kernel.
> 
> 1- Traffic from internet (coming from bge1): it's IN

In on bge1 (from Internet).
It may or may not get to bge0, if it does it's...

> 2- Traffic 1 to LAN: it's OUT

Out on bge0 (to LAN)

> 3- Traffic from LAN to bge0: it's IN

In on bge0 (from LAN).
It may or may not get to bge1, if it does it's...

> 4- Traffic from bge0 to bge1: it's OUT

Out on bge1 (to Internet)



Karl <k...@meme.com>
Free Software:  "You don't pay back, you pay forward."
                 -- Robert A. Heinlein
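
The kernel's point of view described in the reply above, as an added example that is not part of the original message: a toy Python model (not pf itself) in which a forwarded packet is checked "in" on its ingress interface and then "out" on its egress interface. The `Rule` tuple, the function names and the one-rule sample ruleset are constructed for illustration; state tracking, NAT and addresses are left out.

```python
from collections import namedtuple

# Hypothetical, simplified rule: action is "pass" or "block".
Rule = namedtuple("Rule", "action direction iface quick")

# Topology from the thread: Internet --- bge1 --- bge0 --- LAN
# A forwarded packet leaves on the interface it did not arrive on.
EGRESS = {"bge1": "bge0", "bge0": "bge1"}


def evaluate(rules, direction, iface):
    """Last matching rule wins unless a matching rule is quick; default is pass."""
    verdict = "pass"
    for rule in rules:
        if rule.direction == direction and rule.iface == iface:
            verdict = rule.action
            if rule.quick:
                break
    return verdict


def forward(rules, ingress):
    """List the (direction, iface, verdict) checks one forwarded packet undergoes."""
    checks = [("in", ingress, evaluate(rules, "in", ingress))]
    if checks[0][2] == "pass":
        egress = EGRESS[ingress]
        checks.append(("out", egress, evaluate(rules, "out", egress)))
    return checks


def delivered(rules, ingress):
    """True if every check along the path passed."""
    return all(verdict == "pass" for _, _, verdict in forward(rules, ingress))


# Constructed ruleset: meant to restrict "outbound" traffic, but written as
# 'out on bge0', so it matches packets heading from the Internet to the LAN.
RULES = [Rule("block", "out", "bge0", True)]

if __name__ == "__main__":
    for nic, label in (("bge1", "Internet -> LAN"), ("bge0", "LAN -> Internet")):
        print(label, forward(RULES, nic))
```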
