Sven-Åke Larsson said:
>
> Even though this is a great solution with a lot of options there was a post
> from George Njoku with two different forward rules. Shouldn't it work? At
> least it's simple.
>
No, pretty sure it won't. George posted FORWARD rules. FORWARD does not
determine routing interfaces. Routing determines FORWARD interfaces.
You would still set the ACCEPT rules on the established traffic as
George demonstrates, but you can't do it just with the FORWARD chains.
Hash: SHA1
Sven-Åke Larsson said:
>
> Even though this is a great solution with a lot of options there was a post
> from George Njoku with two different forward rules. Shouldn't it work? At
> least it's simple.
>
No, pretty sure it won't. George posted FORWARD rules. FORWARD does not
determine routing interfaces. Routing determines FORWARD interfaces.
You would still set the ACCEPT rules on the established traffic as
George demonstrates, but you can't do it just with the FORWARD chains.
- --
phil
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (MingW32)
Comment: Public Key: http://www.dyermaker.org/gpgkey
iD8DBQFDRtDZGbd/rBLcaFwRAspFAJ4tA3QITUuwY39r7HFjbZ2RWWS51gCgiRdn
MbhDtxDvFBiHdSuJuWart5A=
=tp22
-----END PGP SIGNATURE-----
[ reply ]