Re: Rule question - Patrick Schaaf

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Patrick Schaaf <bof@bof.de>
To: Antony Stone <Antony@Soft-Solutions.co.uk>
Cc: netfilter@lists.samba.org
Subject: Re: Rule question
Date: Sat, 22 Jun 2002 10:08:24 +0200	[thread overview]
Message-ID: <20020622100824.J5183@oknodo.bof.de> (raw)
In-Reply-To: <20020622075338.KGUZ19225.mta07-svc.ntlworld.com@there>; from Antony@Soft-Solutions.co.uk on Sat, Jun 22, 2002 at 08:53:35AM +0100

Hi Anthony,

> Why would you have a process specifically binding to the ext.IP, independent 
> of the route it's communicating to the client system ?

See my second mail (reply to myself) for one situation where I want that.
In general, I _like_ my internal machines to easily be able to look at
a source IP, and see whether it originated internally, or externally.
IOW, I like the incoming TCP connections through my application level
proxy to use the firewall's external IP address as the source, for the
sake of packet filters on my internal nodes.

> Maybe there's a good reason for this somewhere, but it's not the way I've 
> ever run things...

I do. It's very nice to have iptables so capable that it supports all our
different ways of doing things.

all the best
  Patrick

next prev parent reply	other threads:[~2002-06-22  8:08 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2002-06-22  7:35 Rule question Patrick Petermair
2002-06-22  7:38 ` Antony Stone
2002-06-22  7:46 ` Patrick Schaaf
2002-06-22  7:53   ` Antony Stone
2002-06-22  8:08     ` Patrick Schaaf [this message]
2002-06-22  8:17       ` Patrick Schaaf
2002-06-22  7:55   ` Patrick Schaaf
2002-06-22  7:46 ` Antony Stone
2002-06-26 14:57   ` Joe Patterson

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20020622100824.J5183@oknodo.bof.de \
    --to=bof@bof.de \
    --cc=Antony@Soft-Solutions.co.uk \
    --cc=netfilter@lists.samba.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.