Hi, I am in the process of upgrading a multi-isp router (ISP1, 2, 3). Previously it was working as expected with Shorewall 3.0.8 and kernel 2.6.16.
I'm now havig trouble with ISP2 and ISP3 only after moving to shorewall 3.4.2 and kernel 2.6.19. Incoming connections don't complete. An example: a DNAT rule redirects Internet port 443 to a lan server. (from 217.126.158.166 to 85.48.225.159:443 -> 10.215.144.16:443) Note that 85.48.225.159 (ISP3) is on the ADSL modem/router (PPPoA) and has local IP 192.168.101.1 and redirects all incoming traffic to 192.168.101.2 which is the multi-isp shorewall gateway. Please find the shorewall dump here: http://fhm.zapto.org/dump.gz The failing connection is: tcp 6 33 SYN_RECV src=217.126.158.166 dst=192.168.101.2 sport=2789 dport=443 packets=1 bytes=48 src=10.215.144.16 dst=217.126.158.166 sport=443 dport=2789 packets=3 bytes=144 mark=3 use=1 DNAT rules on ISP1 (192.168.92.2) work as expected from the Internet. Also, according to the rules, pings on $FW should also reply on ISP2 and ISP3 but they don't. They only reply on ISP1. I did the tests and dumped the following: http://fhm.zapto.org/dump2.gz Before disabling log_martians in /proc/sys/.../conf/*/log_martians I used to receive a lot of martian log messages (as expected). So I removed routefilter as from http://www.shorewall.net/MultiISP.html and also diabled any tcrules entries which all worked fine with the previous kernel. In fact, if I reboot with kernel 2.6.16, all's well again. Any help or hints appreciated as to how to pinpoint the problem in the new kernel. Vieri ____________________________________________________________________________________ It's here! Your new message! Get new email alerts with the free Yahoo! Toolbar. http://tools.search.yahoo.com/toolbar/features/mail/ ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
