On 05/21/2018 08:38 AM, David Ventura wrote:
> Whoops! You'll find the dump attached.
>
> I'll re-state my issue because I feel I was not clear enough on my
> previous post:
>
> 192.168.20.138 (container) -> 192.168.20.10 (host) works OK via the
> linux virtual bridge, never reaches the router.
> 192.168.20.138 (container) -> 192.168.2.10 (host, different interface)
> is 'dropped' (no rejection, just timeout)
>
> The rules and tcpdump above are on the "failing" case.
>

The firewall is passing the connection request:

Chain srv-loc (1 references)
 pkts bytes target     prot opt in     out     source               destination
28571 2214K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    6   360 ACCEPT     tcp  --  *      *       192.168.20.138       192.168.2.10         tcp dpt:8006 <======================================
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0

What does tcpdump show on the 'lan' (loc zone) interface?

-Tom
-- 
Tom Eastep        \   Q: What do you get when you cross a mobster with
Shoreline,         \     an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't
http://shorewall.org \   understand
                      \_______________________________________________
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
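
An added example, not part of the original message or of Shorewall: a small parser for the srv-loc listing quoted in the reply, which finds the first rule a new connection from the container to 192.168.2.10:8006 hits and reads that rule's counters. The function names are illustrative, and the listing is copied from the message with the arrow marker dropped.

```python
import ipaddress

# Rule lines copied from the message above (iptables -L -v -n format).
SRV_LOC = """\
28571 2214K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
    6   360 ACCEPT tcp -- * * 192.168.20.138 192.168.2.10 tcp dpt:8006
    0     0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
"""

UNITS = {"K": 10**3, "M": 10**6, "G": 10**9}  # iptables abbreviates without -x

def count(field):
    """Expand an abbreviated counter such as 2214K."""
    if field[-1] in UNITS:
        return int(field[:-1]) * UNITS[field[-1]]
    return int(field)

def parse_chain(text):
    """Turn the rule lines of one chain into dicts, in rule order."""
    rules = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 9 or not f[0][0].isdigit():
            continue  # skip "Chain ..." and column-header lines
        rules.append({"pkts": count(f[0]), "bytes": count(f[1]), "target": f[2],
                      "prot": f[3], "src": f[7], "dst": f[8],
                      "match": " ".join(f[9:])})
    return rules

def first_match_new(rules, src, dst, dport):
    """First rule a NEW tcp connection src -> dst:dport would hit."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if "ctstate" in r["match"] and "NEW" not in r["match"]:
            continue  # a SYN is NEW, so RELATED,ESTABLISHED rules do not apply
        if r["prot"] not in ("all", "tcp"):
            continue
        if s not in ipaddress.ip_network(r["src"]) or d not in ipaddress.ip_network(r["dst"]):
            continue
        if "dpt:" in r["match"] and f"dpt:{dport}" not in r["match"].split():
            continue
        return r
    return None

if __name__ == "__main__":
    hit = first_match_new(parse_chain(SRV_LOC), "192.168.20.138", "192.168.2.10", 8006)
    # Non-zero counters on an ACCEPT rule mean the firewall passed the packets.
    print(hit["target"], hit["pkts"], "pkts,", hit["bytes"] // hit["pkts"], "bytes each")
```

A non-zero count on the ACCEPT rule alongside a zero count on the final Reject rule is what supports reading the listing as "passed by the firewall", which is why the next check moves to a capture on the outgoing interface.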