From: Vimal
Subject: Re: iptables not prevent access
Date: Tue, 16 Sep 2008 09:22:54 +0530
To: "Xu, Qiang (FXSGSC)"
Cc: "netfilter@vger.kernel.org"

> This is a good idea. I think you are probably right. The request received by the server perhaps doesn't come from 119 in the server's eyes, although the webpage IS opened from 119. But the server is a Linux environment, and tailored quite a bit to run embedded system software. So apache is not in "usr/local". I've got to try to locate the access log in the printer first.
> :-)

I haven't yet read your previous mails about the routing tables. But, if you could give this a try, then we can confirm the hypothesis.

Just like you blocked client 119 and it failed, and then you tried 120 and it worked; block the gateway and unblock 120. If it works from 120, but it doesn't work from 119 (now), it means that the request is coming from the gateway for 119.

-- 
Vimal
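Added example, not part of the original message: a way to check the same hypothesis from the server's Apache access log, by looking at which source address the server actually recorded. The addresses (192.0.2.1 as the gateway, 192.0.2.119 and 192.0.2.120 as the clients), the log lines and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Apache common/combined log format: the first field is the peer address
# the server saw, which is also what an iptables "-s" match compares against.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation addresses, not taken from the thread):
# .1 stands in for the gateway, .119 and .120 for the two clients.
SAMPLE_LOG = """\
192.0.2.120 - - [16/Sep/2008:09:01:10 +0530] "GET /index.html HTTP/1.1" 200 5120
192.0.2.1 - - [16/Sep/2008:09:02:41 +0530] "GET /index.html HTTP/1.1" 200 5120
192.0.2.1 - - [16/Sep/2008:09:02:42 +0530] "GET /status.cgi HTTP/1.1" 200 311
not a log line
"""


def sources_seen(log_text):
    """Count requests per source address as the server recorded them."""
    seen = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:  # malformed lines are skipped rather than guessed at
            seen[m.group("src")] += 1
    return seen


def classify(log_text, client, gateway):
    """Judge from the log alone how a client's requests reach the server."""
    seen = sources_seen(log_text)
    if seen[client]:
        return "direct"        # a rule matching "-s <client>" should apply
    if seen[gateway]:
        return "via-gateway"   # server sees the gateway; "-s <client>" never matches
    return "not-seen"


if __name__ == "__main__":
    for host in ("192.0.2.119", "192.0.2.120"):
        print(host, classify(SAMPLE_LOG, host, "192.0.2.1"))
```

A "via-gateway" result only shows that gateway-sourced requests exist in the log; the block-the-gateway test described in the message is still what ties them to client 119.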