On 05/31/2011 03:50 PM, Tom Eastep wrote:
> On 05/31/2011 02:38 AM, Farkas Levente wrote:
>> On 05/30/2011 04:56 PM, Tom Eastep wrote:
>>> On 05/30/2011 12:05 AM, Farkas Levente wrote:
>>>
>>>> before this setup i've this in the rules:
>>>> SSH(ACCEPT) net:$ADMIN_NET fw
>>>> which was working, but after that i'm no longer able to access the
>>>> host:-(
>>>> so in this case what is the right rule? net should have to be world or?
>>>
>>> '...no longer able to access..' isn't enough to go on. I would at least
>>
>> this means i got "Connection refused" when i try to ssh.
>> but if i replace:
>> SSH(ACCEPT) net:$ADMIN_NET fw
>> with
>> SSH(ACCEPT) world:$ADMIN_NET fw
>> then i can connect, but in this case i can connect from everywhere not
>> just from $ADMIN_NET.
>> so what do net and world mean in this case? of course $ADMIN_NET
>> is the public IPs of the host from the net where i'd like to access ssh.
>>
>>> need to see what log message is generated when you try to access (the
>>> output of 'shorewall dump' collected right after you tried to access
>>> would be better) in order to tell you what's wrong.
>>
>> attached.
>
> What does 'cat /proc/sys/net/bridge/bridge-nf-call-iptables' show? If it
> shows '0', then you need to change your /etc/sysctl.conf to set it to 1.
> If it shows '1', then there is something wrong with physdev match on
> your system because the following rules don't seem to be matched:

it's 0. should i have to set it by hand in /etc/sysctl.conf? (it'd be nice if
shorewall can set it like net.ipv4.ip_forward). this is set by kvm by default
in case of a bridge setup (maybe it'd be useful to add to the docs).
anyway thanks, now it seems to be working:-)

--
  Levente                               "Si vis pacem para bellum!"
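
Added example (not part of the original thread and not Shorewall code): a small audit of the setting discussed above, comparing the runtime value of bridge-nf-call-iptables with what a sysctl.conf-style file will apply at boot. The function names and status labels are hypothetical, and only the single file passed in is inspected (drop-in directories are not read).

```shell
#!/bin/sh
# Audit the bridge netfilter setting: runtime value vs. persisted value.
# Both paths default to the real locations and can be overridden.

# Print the runtime value (0 or 1), or "absent" when the bridge module
# has not created the proc entry.
runtime_value() {
    proc_file=${1:-/proc/sys/net/bridge/bridge-nf-call-iptables}
    if [ -r "$proc_file" ]; then
        tr -d '[:space:]' < "$proc_file"
    else
        echo absent
    fi
}

# Print the last value assigned in a sysctl.conf-style file, or "unset".
# Commented-out assignments are ignored.
persistent_value() {
    conf_file=${1:-/etc/sysctl.conf}
    [ -r "$conf_file" ] || { echo unset; return; }
    val=$(sed -n 's/^[[:space:]]*net\.bridge\.bridge-nf-call-iptables[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*$/\1/p' "$conf_file" | tail -n 1)
    echo "${val:-unset}"
}

# Summarise the state (labels are this example's own):
#   ok              - enabled now and after reboot
#   runtime-only    - enabled now, lost on reboot
#   persistent-only - configured, but not active yet
#   disabled        - bridged traffic bypasses iptables (the case in the thread)
#   no-bridge       - proc entry missing, bridge module not loaded
bridge_nf_status() {
    rt=$(runtime_value "$1")
    ps=$(persistent_value "$2")
    case "$rt:$ps" in
        absent:*) echo no-bridge ;;
        1:1)      echo ok ;;
        1:*)      echo runtime-only ;;
        0:1)      echo persistent-only ;;
        *)        echo disabled ;;
    esac
}

bridge_nf_status "$@"
```

A result of "persistent-only" means the file is correct but has not been loaded yet; `sysctl -p` applies it without a reboot.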
