On Thu, Jun 18, 2009 at 7:10 PM, Mikael Kermorgant <mikael.kermorg...@gmail.com> wrote:

>
>
> Would anyone have an idea about why this happens? Is this something
> inherent to bridges I have not understood? Or should I better look at
> the switches?
>


I just found this in the FAQ which seems to apply to my problem:

INPUT or FORWARD

The packet has a source IP address that isn't in any of your defined zones
(“*shorewall[-lite] show zones*” and look at the printed zone definitions)
or the chain is FORWARD and the destination IP isn't in any of your defined
zones. If the chain is FORWARD and the IN and OUT interfaces are the same,
then you probably need the *routeback* option on that interface in
/etc/shorewall/interfaces, you need the *routeback* option in the relevant
entry in /etc/shorewall/hosts or you've done something silly like define a
default route out of an internal interface.

In Shorewall 3.3.3 and later versions with OPTIMIZE=1 in shorewall.conf,
such packets may also be logged out of a <zone>2all chain or the all2all
chain.

I'll test that Monday, but I still fail to understand how a UDP stream with
a host IP destination can reach my machine with Shorewall in a switched
environment.

Regards,

-- 
Mikael Kermorgant
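
The checks listed in the FAQ entry quoted above, applied to firewall log lines, as an added example that is not part of the original message or of Shorewall itself. The zone networks, interface names, addresses and log lines are constructed, and the default LOGFORMAT ("Shorewall:%s:%s:") is assumed.

```python
import ipaddress
import re

# Constructed zone definitions (assumption): zone name -> networks, standing in
# for what "shorewall show zones" prints on the real firewall.
ZONES = {
    "loc": [ipaddress.ip_network("192.168.1.0/24")],
    "dmz": [ipaddress.ip_network("10.0.0.0/24")],
}

# Assumes the default LOGFORMAT "Shorewall:%s:%s:" (chain, then disposition).
LOG_RE = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<disp>[^:]+):(?P<fields>.*)")

# Constructed sample log lines (not taken from the thread).
SAMPLE = [
    "Jun 18 19:02:11 fw kernel: Shorewall:FORWARD:REJECT:IN=br0 OUT=br0 "
    "SRC=192.168.1.20 DST=192.168.1.35 LEN=1344 PROTO=UDP SPT=1234 DPT=5004",
    "Jun 18 19:02:12 fw kernel: Shorewall:INPUT:DROP:IN=eth1 OUT= "
    "SRC=172.16.5.9 DST=192.168.1.1 LEN=60 PROTO=TCP SPT=40000 DPT=22",
    "Jun 18 19:02:13 fw kernel: Shorewall:loc2dmz:ACCEPT:IN=br0 OUT=eth2 "
    "SRC=192.168.1.20 DST=10.0.0.5 LEN=60 PROTO=TCP SPT=40001 DPT=80",
]

def in_any_zone(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for nets in ZONES.values() for net in nets)

def diagnose(line):
    """Return the FAQ causes that fit one log line (empty list if none)."""
    m = LOG_RE.search(line)
    if not m or m.group("chain") not in ("INPUT", "FORWARD"):
        return []
    # netfilter LOG fields are KEY=VALUE tokens; OUT= is empty on INPUT.
    kv = dict(t.split("=", 1) for t in m.group("fields").split() if "=" in t)
    causes = []
    if "SRC" in kv and not in_any_zone(kv["SRC"]):
        causes.append("source not in any zone")
    if m.group("chain") == "FORWARD":
        if "DST" in kv and not in_any_zone(kv["DST"]):
            causes.append("destination not in any zone")
        if kv.get("IN") and kv.get("IN") == kv.get("OUT"):
            causes.append("IN == OUT: check routeback")
    return causes

if __name__ == "__main__":
    for entry in SAMPLE:
        print(diagnose(entry) or ["no FAQ cause matched"], "<-", entry[27:60])
```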