On 04/26/2013 02:51 PM, Troy Telford wrote: > On 2013-04-26 17:36:22 +0000, Troy Telford said: > > > While you're looking: I applied the suggested change: > > TPROXY(3129) ethX:!<ethX ip addr> 0.0.0.0/0 tcp 80 > > However, I am still unable to connect to the apache server on the > > shorewall box... > > > I found the problem I was having with: > > TPROXY(3129) ethX:!<ethX ip addr> 0.0.0.0/0 tcp 80 > > > As I have a dual-stack system, I didn't have it setup correctly for > shorewall6. > > > After adding the following in shorewall6/tcrules, it's working: > > TPROXY(3129) eth0:[!(local_ipv6_addr)/64] ::/0 tcp 80 > > > And now it appears to work correctly for IPv6 as well as IPv4-only systems
That's fascinating, given that I gave you a bad rule. What I wanted you
to do was:
TPROXY(3129) eth0 !<address of eth0> tcp 80
Same with br0:
TPROXY(3129) br0 !<address of br0> tcp 80
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Try New Relic Now & We'll Send You this Cool Shirt New Relic is the only SaaS-based application performance monitoring service that delivers powerful full stack analytics. Optimize and monitor your browser, app, & servers with just a few lines of code. Try New Relic and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_apr
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
