On 10/08/2012 09:22 PM, Edy Corak wrote: > Am 09.10.2012 01:21, schrieb Tom Eastep: >> On 10/8/12 12:55 PM, "Edy Corak" <[email protected]> wrote: >> >>>> Hi, >>>> >>>> I'm using IPSEC in a multi-ISP configuration, >>>> lsm 0.131, Kernel 2.6.32, ipsec-tools 0.8.0 >>>> >>>> This worked fine with Shorewall/Shorewall-Lite 4.5.7. >>>> >>>> After updating Shorewall to 4.5.8 the routing of ESP packets doesn't work. >>>> >>>> If I change the Providers.pm file and add connmark => "! --mark >>>> 0/$mask" like before in Shorewall 4.5.7 than everything works fine. >>>> >>>> add_ijump $mangle_table->{$_} , j => 'CONNMARK', targetopts => >>>> "--restore-mark --mask $mask", connmark => "! --mark >>>> 0/$mask" for qw/PREROUTING OUTPUT/; >>>> >>>> Thank you very much for your help and time. >> What is your setting of USE_DEFAULT_RT? >> >> Thanks, >> -Tom >> You do not need a parachute to skydive. You only need a parachute to >> skydive twice. > > USE_DEFAULT_RT=No >
Okay -- I will want to see the output of 'shorewall dump'; you can send it privately if you like. Thanks, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Don't let slow site performance ruin your business. Deploy New Relic APM Deploy New Relic app performance management and know exactly what is happening inside your Ruby, Python, PHP, Java, and .NET app Try New Relic at no cost today and get our sweet Data Nerd shirt too! http://p.sf.net/sfu/newrelic-dev2dev _______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
