I know, but from what I gather, eth0 is his internal nic, so I am having him remove rfc1918 filtering from that interface.
On Mon, 2007-01-15 at 10:06 -0800, Tom Eastep wrote: > Bryan Vukich wrote: > > In /etc/shorewall/interfaces you probably want something along the > > following lines: > > #ZONE INTERFACE BROADCAST OPTIONS > > loc eth0 detect dhcp > > net eth1 detect norfc1918,blacklist > > > > In /etc/shorewall/policy you probably have a line that looks like: > > loc net ACCEPT > > > > If so, all traffic from loc to the internet will automatically be > > accepted, so you wont need an accept rule just for 192.168.6.2 > > > > Now if you don't have the above policy on purpose, then the following > > rule in /etc/shorewall/rules will accomplish the same thing for that one > > IP: > > ACCEPT loc:192.168.63.2 all all > > > > But you probably don't want a rule such as: > > ACCEPT net:215.162.1.22 all all > > Such rules cannot override RFC 1918 filtration. > > -Tom > ------------------------------------------------------------------------- > Take Surveys. Earn Cash. Influence the Future of IT > Join SourceForge.net's Techsay panel and you'll get the chance to share your > opinions on IT & business topics through brief surveys - and earn cash > http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV > _______________________________________________ Shorewall-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/shorewall-users -- Bryan Vukich Network Administrator The Olson Company
signature.asc
Description: This is a digitally signed message part
------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
