Date: Wed, 26 Sep 2012 09:07:49 +0200
From: Natanael Copa
To: jeremy@thomersonfamily.com
Cc: Alpine-devel
Subject: Re: [alpine-devel] awall - forward to/from same port
Message-ID: <20120926090749.4523d331@ncopa-desktop.nor.wtbts.net>

On Tue, 25 Sep 2012 12:34:53 -0500
Jeremy Thomerson wrote:

> This means that from iptables standpoint the
> traffic is coming from gre1 and going to gre1.
...
> Sep 25 17:26:39 jrt-vm-fw01 kern.warn kernel: [918524.175624] IN=gre1
> OUT=gre1 MAC= SRC=172.23.0.3 DST=172.23.0.2 LEN=84 TOS=0x00 PREC=0x00
> TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=36686 SEQ=16
>
> So, I tried adding this to my awall config:
>
> {
>     "in": "T",
>     "out": "T",
>     "action": "accept"
> }
>
> The problem is that awall didn't create a rule in the forward chain
> for -i gre1 -o gre1.

Not that it means that awall should do the same, but in shorewall you
add an option called "routeback" to the interface definition.

-nc
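
Added example (not part of the original message, and not awall or shorewall code): a Python script that scans netfilter LOG lines like the one quoted in the thread and reports forwarded packets whose IN and OUT interface are the same, which is the traffic that needs a "-i X -o X" match in the forward chain. The second sample log line and all function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: the first line is the log entry quoted in the thread,
# rejoined onto one line; the second is a made-up entry for contrast.
SAMPLE_LOG = """\
Sep 25 17:26:39 jrt-vm-fw01 kern.warn kernel: [918524.175624] IN=gre1 OUT=gre1 MAC= SRC=172.23.0.3 DST=172.23.0.2 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=36686 SEQ=16
Sep 25 17:26:40 jrt-vm-fw01 kern.warn kernel: [918525.001000] IN=eth0 OUT=gre1 MAC= SRC=192.0.2.10 DST=172.23.0.2 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4242 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=14600 RES=0x00 SYN URGP=0
"""

# KEY=value pairs; the value may be empty (e.g. "MAC=" or "IN=" for local traffic).
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_netfilter_line(line):
    """Return the KEY=value fields of one netfilter LOG line as a dict.

    ID= can appear twice (IP header ID, then ICMP echo ID); the first is kept.
    Returns None when the line carries no IN=/OUT= pair.
    """
    fields = {}
    for key, value in FIELD.findall(line):
        fields.setdefault(key, value)
    if "IN" not in fields or "OUT" not in fields:
        return None
    return fields


def same_interface_forwards(log_text):
    """Count forwarded packets that leave through the interface they arrived on."""
    hits = Counter()
    for line in log_text.splitlines():
        f = parse_netfilter_line(line)
        # An empty IN or OUT means locally generated or locally delivered
        # traffic, which never traverses the forward chain.
        if f and f["IN"] and f["IN"] == f["OUT"]:
            hits[(f["IN"], f.get("SRC"), f.get("DST"), f.get("PROTO"))] += 1
    return hits


if __name__ == "__main__":
    for (iface, src, dst, proto), n in same_interface_forwards(SAMPLE_LOG).items():
        print(f"{n} x {proto} {src} -> {dst}: needs forward match -i {iface} -o {iface}")
```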