On Tuesday 09 January 2007 19:22, Tom Eastep wrote:
> No. Shorewall's DNAT action creates both the DNAT and ACCEPT rules;
> DNAT- (note the trailing "-") omits generation of the ACCEPT rules.

Ok, thanks for the specification.

> Because those rules are in user-defined chains that only get traffic
> from net->fw and fw->net.[...] In general, you can't look at a single
> Netfilter rule out of context and draw any valid conclusions.

Please, can you help me to understand this point?

Maybe you mean I have to look at the other chains (INPUT, DROP, REJECT, ...)
and the user-defined net2fw chain to draw a conclusion?
This is (for example) the INPUT chain and the net2fw chain (with
the -n -v):

Chain INPUT (policy DROP 3 packets, 176 bytes)

ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
eth1_in    all  --  eth1   *       0.0.0.0/0            0.0.0.0/0
eth0_in    all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0
LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 10/min burst 5 LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:'
reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain net2fw (1 references)

ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:4662
ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 4672,4673,4665
Drop       all  --  *      *       0.0.0.0/0            0.0.0.0/0
LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 10/min burst 5 LOG flags 0 level 6 prefix `Shorewall:net2fw:DROP:'
DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0


Analyzing all the chains I notice that in the INPUT and OUTPUT chains
there is the specification for the input and output interfaces, but
there is no specification for the fw IP like 127.0.0.1 or 192.168.0.1
(I've two NICs).
The only specification for an IP address is in the fw2lan chain for
ssh access:

ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.200.2       tcp dpt:22

So if you can give me a specific explanation (or a link) to resolve my
doubt about the 0.0.0.0/0, I would be thankful for it.

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
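The point in the quoted reply, that a single Netfilter rule cannot be judged out of context, can be made concrete with a small script. This is an added example, not code from Shorewall or from anyone on this thread: it parses the INPUT and net2fw chains quoted above (in the same column layout) and walks constructed packets through them, recording which rules they hit. The eth0_in chain is not shown in the mail, so an assumed stand-in that only jumps to net2fw is used; eth1_in, Drop and Reject are left undefined so they act as empty chains; the lowercase reject chain is treated as a REJECT verdict; the limit match is assumed not to be exhausted; and 203.0.113.5 is a constructed remote address (192.168.0.1 and 192.168.200.2 are the addresses from the mail).

```python
# Added example, not code from Shorewall or from anyone on the thread: walk a packet
# through the INPUT chain quoted in the mail and resolve its verdict with a trace.
import ipaddress
import re
from collections import namedtuple

# Constructed listing in the column layout of the mail. INPUT and net2fw are the
# quoted chains. eth0_in is NOT in the mail: it is an assumed stand-in that only
# jumps to net2fw. eth1_in, Drop and Reject are deliberately left undefined and
# therefore behave like empty chains (control returns to the caller's next rule).
LISTING = """\
Chain INPUT (policy DROP 3 packets, 176 bytes)
ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
eth1_in    all  --  eth1   *       0.0.0.0/0            0.0.0.0/0
eth0_in    all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0
LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 10/min burst 5 LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:'
reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain eth0_in (1 references)
net2fw     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain net2fw (1 references)
ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:4662
ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 4672,4673,4665
Drop       all  --  *      *       0.0.0.0/0            0.0.0.0/0
LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 10/min burst 5 LOG flags 0 level 6 prefix `Shorewall:net2fw:DROP:'
DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
"""
# Built-in verdicts; lowercase `reject` is Shorewall's chain that always ends in a REJECT.
VERDICT = {"ACCEPT": "ACCEPT", "DROP": "DROP", "REJECT": "REJECT", "reject": "REJECT"}
# Columns: target prot opt in out source destination [match text]
RULE_RE = re.compile(r"^(\S+)\s+(\S+)\s+\S+\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")
Packet = namedtuple("Packet", "iface_in proto dport src dst state", defaults=["NEW"])
Rule = namedtuple("Rule", "target prot iface_in iface_out src dst extra")

def matches(rule, pkt):
    """Does `rule` match `pkt`? Handles the match extensions that appear in the
    listing; the `limit` match is assumed not to be exhausted."""
    if rule.prot not in ("all", pkt.proto) or rule.iface_in not in ("*", pkt.iface_in):
        return False
    if rule.iface_out != "*":  # locally delivered packets have no output interface
        return False
    if ipaddress.ip_address(pkt.src) not in rule.src or ipaddress.ip_address(pkt.dst) not in rule.dst:
        return False
    state = re.search(r"\bstate (\S+)", rule.extra)
    if state and pkt.state not in state.group(1).split(","):
        return False
    dpt = re.search(r"\bdpt:(\d+)", rule.extra)
    if dpt and pkt.dport != int(dpt.group(1)):
        return False
    dports = re.search(r"\bdports (\S+)", rule.extra)
    return not dports or str(pkt.dport) in dports.group(1).split(",")

def parse_listing(text):
    """Return ({chain: [Rule, ...]}, {chain: policy}) from `iptables -L -n` text."""
    chains, policies, current = {}, {}, None
    for line in text.splitlines():
        line = line.rstrip()
        if not line or line.startswith("target "):  # blank line or column header
            continue
        head = re.match(r"^Chain (\S+) \((?:policy (\S+))?", line)
        if head:
            current, chains[head.group(1)] = head.group(1), []
            if head.group(2):
                policies[current] = head.group(2)
            continue
        m = RULE_RE.match(line)
        if not (m and current):
            raise ValueError(f"unparseable line: {line!r}")
        target, prot, iface_in, iface_out, src, dst, extra = m.groups()
        chains[current].append(Rule(target, prot, iface_in, iface_out, ipaddress.ip_network(src),
                                    ipaddress.ip_network(dst), extra or ""))
    return chains, policies

def walk(chains, chain, pkt, trace):
    """Verdict reached inside `chain`, or None when the chain falls off its end."""
    for idx, rule in enumerate(chains.get(chain, []), start=1):
        if not matches(rule, pkt):
            continue
        trace.append(f"{chain}[{idx}] -> {rule.target}")
        if rule.target in VERDICT:
            return VERDICT[rule.target]
        if rule.target == "LOG":  # non-terminating: log, then try the next rule
            continue
        verdict = walk(chains, rule.target, pkt, trace)  # jump into a user chain
        if verdict is not None:
            return verdict
    return None

def verdict_for(chains, policies, pkt):
    """Trace `pkt` from INPUT; the chain policy decides if nothing terminal matches."""
    trace = []
    verdict = walk(chains, "INPUT", pkt, trace)
    if verdict is None:
        verdict = policies.get("INPUT", "ACCEPT")
        trace.append(f"INPUT policy -> {verdict}")
    return verdict, trace
```

Calling verdict_for(*parse_listing(LISTING), Packet("eth0", "tcp", 22, "203.0.113.5", "192.168.0.1")) ends in net2fw's final DROP after passing through Drop and LOG, while the same packet arriving on eth1 never enters net2fw at all and is rejected from INPUT. The 0.0.0.0/0 source and destination in net2fw do match any address, but only traffic that was already steered there through eth0_in is evaluated against them, which is why the firewall's own addresses need not appear in those rules: the interface and zone chains, not IP addresses, decide which rules a packet sees.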