--- Malcolm Turnbull <[EMAIL PROTECTED]> wrote: > Subodh Srivastava wrote: > > >--- Malcolm Turnbull > <[EMAIL PROTECTED]> > >wrote: > > > > > >>If a NEW packet comes in and is NATed to the > >>Loadbalancer, > >>the loadbalancer then re-directs to the web > server, > >>and the web then server replies to the > requestor... > >> > >>I assume this will be droped by a FORWARD > >>NEW,ESTABLISHED rule ? > >> > >> > >Yes absolutely correct > > > > > >>i.e. its NOT NEW (because its a reply) > >>its NOT ESTABLISHED (because it came from a > >>different server) ? > >> > >> > >correct > > > > > >>or am I talking rubish ? > >> > >> > > > >not at all > > > >Subodh > > > > > >> > >> > >> > >> > >> > >> > >> > >> > > > > > >__________________________________________________ > >Do You Yahoo!? > >LAUNCH - Your Yahoo! Music Experience > >http://launch.yahoo.com > > > > > > OK so in that case do I want to allow http & https > in and out of my > network without statefull inspection ? > And yet still use statefull for ftp etc. Yes you can > Do I just need to put a FORWARD -p tcp -dport 80 -j > ACCEPT somewhere > in the script or does it have to go before the > stateful stuff ? Before the stateful stuff both rules (Incoming request and Outgoing replies) > The manual sugests that something that fails a > statful check will be > DROPed without continuing the chain ? Again it depends on the order in which you r putting ur rules > > Thanks in advance > > -- Subodh Shrivastava > > Regards, > > Malcolm Turnbull > > IT Manager > Crocus.co.uk Ltd > > 01344 629661 > 07715 770523 > > http://www.crocus.co.uk/ > > > > >
__________________________________________________ Do You Yahoo!? LAUNCH - Your Yahoo! Music Experience http://launch.yahoo.com
