On 7/15/2014 12:18 PM, [email protected] wrote:
> Tom,
>
>>> 192.168.1.50 is in the "int" zone, isn't it? shouldn't that be
>>>
>>> /rules ... ACCEPT vpn1 int:192.168.1.50
>>> tcp 25,587 DNAT int:192.168.1.50 vpn1:172.20.0.1
>>> tcp 25 ...
>>
>> Yes.
>
> Ok. One step closer. Thanks.
>
>> Out of curiosity, why do you have ipv4 zone 'loc' associated with
>> 'lo'? That is disallowed by recent versions of Shorewall.
>
> It's disallowed? Missed that :-/ Could've sworn I picked it out of
> an example.
>
> I've done this thinking that since I'll need rules for "lo" <-> other
> interfaces, that I need the zone. IPv4 made sense to me at the time.
> Honestly, I haven't gotten as far as those rules yet, still fighting
> to get this mailserver-over-vpn setup working.

The SOURCE and DEST of all traffic flowing through lo is the firewall itself.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
