On Wed, Oct 7, 2020 at 1:31 PM Simon Matter <[email protected]> wrote:
>
> > Hi,
> >
> > If my rules allow HTTP and HTTPS access (ports 80, 443) with an ACCEPT
> > rule such as the following
> >
> > ACCEPT lan1:10.215.144.0/23 wan tcp,udp 80,443
> >
> > I'd like to know why I am seeing the following in the shorewall log
> > when a user accesses a web page:
> >
> > kernel: Shorewall:wan-lan1:DROP:IN=wan OUT=lan.1
>
> Just an idea, is there some VLAN involved or why is the out interface
> named lan.1?
Yes, the HTTP client made a request from VLAN 1 (lan.1) to WAN. The
reply is rightfully coming from wan and going to lan.1.
Why do you ask?
My interfaces file contains:
lan ${IF_LAN} routeback,arp_filter=1,proxyarp=1
lan1 ${IF_LAN}.1 routeback,arp_filter=1,proxyarp=1
Vieri
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
