[Shorewall-users] Why route needed in main routing table?

2012-06-24 Thread Jan van der Vyver
Hi I have the following setup. server A eth1: 192.168.254.5/24 server A eth2: 192.168.253.1/24 Routing tables in A 0.0.0.0 196.44.37.X 0.0.0.0 UG10000 eth0 10.0.0.0 192.168.254.1 255.255.240.0 UG0 00 eth1 192.168.253.0

Re: [Shorewall-users] Why route needed in main routing table?

2012-06-24 Thread Tom Eastep
Jan van der Vyver wrote: > I have the following setup. > > server A eth1: 192.168.254.5/24 > server A eth2: 192.168.253.1/24 > > Routing tables in A > > 0.0.0.0 196.44.37.X 0.0.0.0 UG10000 > eth0 > 10.0.0.0 192.168.254.1 255.255.240.0 UG0 0

Re: [Shorewall-users] Why route needed in main routing table?

2012-06-25 Thread Tom Eastep
On 06/25/2012 05:58 AM, Jan van der Vyver wrote: Hope This helps to explain. It doesn't :-( The dash shell included in the latest versions of Ubuntu is not backward compatible with earlier versions. The recent Shorewall 4.5 releases work around this incompatibility -- 4.4.26 does not. The

Re: [Shorewall-users] Why route needed in main routing table?

2012-06-25 Thread Tom Eastep
On 06/25/2012 09:18 AM, Jan van der Vyver wrote: > Sorry about that. Updated to 4.5.5.1 > Are you seeing lots of 'Martian' messages in /var/log/kern.log when you don't have the route you mention? I'm guessing so, since you are (or your distro is) setting reverse path filtering on all interfaces.

Re: [Shorewall-users] Why route needed in main routing table?

2012-06-25 Thread Jan van der Vyver
>Are you seeing lots of 'Martian' messages in /var/log/kern.log when you don't have the route you mention? I'm guessing so, since you are (or your >distro is) setting reverse path filtering on all interfaces. The response packets from 10.x.x.x are likely being dropped as martians. interfaces: net

Re: [Shorewall-users] Why route needed in main routing table?

2012-06-25 Thread Tom Eastep
On 06/25/2012 01:16 PM, Jan van der Vyver wrote: > > I have routefilter on in the interfaces file but according to the note I > cannot use it. But you *are* using route filtering. From the dump: /proc/sys/net/ipv4/ip_forward = 1 /proc/sys/net/ipv4/icmp_echo_ignore_all = 0 /proc/sys/n

Re: [Shorewall-users] Why route needed in main routing table?

2012-06-25 Thread Tom Eastep
On 06/25/2012 01:35 PM, Tom Eastep wrote: > On 06/25/2012 01:16 PM, Jan van der Vyver wrote: > >> >> I have routefilter on in the interfaces file but according to the note I >> cannot use it. > > > It is enabled (along with log_martians) on all of your interfaces. > > I suspect that you have somet

Re: [Shorewall-users] Why route needed in main routing table?

2012-06-25 Thread Tom Eastep
On 06/25/2012 02:34 PM, Jan van der Vyver wrote: >>> Or you have ROUTE_FILTER=Yes in shorewall.conf. > > The was yes, I deactivated it. See new dump. > > I now get the following > > Jun 25 23:22:47 trio kernel: [1833703.280826] > Shorewall:itrn2net:REJECT:IN=eth2 OUT=eth0 > MAC=fe:e8:d7:56:44:b5:00

Re: [Shorewall-users] Why route needed in main routing table?

2012-06-26 Thread Tom Eastep
On 06/25/2012 02:58 PM, Tom Eastep wrote: > On 06/25/2012 02:34 PM, Jan van der Vyver wrote: >> Why is this not working? > > It's not working because there is still a default route in the main > routing table and your routing rules are checking the packet marks > *after* the main table is traverse