Mike wrote: > Is it sufficient to use route_rules for this to work as follows, > because I am having trouble with it.
Mike, "I am having trouble with it" will get you sympathy but no help. What problem _exactly_ are you having? > > # > # Shorewall version 4 - route_rules File # # For information about > entries in this file, type "man shorewall-route_rules" > #63.90.86.0 > # For additional information, see > http://www.shorewall.net/MultiISP.html > ###################################################################### > ###### > ## > #SOURCE DEST PROVIDER PRIORITY > - 10.19.227.0/24 main 1000 > - 192.168.1.0/24 main 1000 > - 63.87.74.0/24 main 1000 > - 64.42.53.203 main 1000 > - 10.5.198.191 main > 1000--------------from here down are poptop assigned Ips > - 10.5.198.192 main 1000 > - 10.5.198.193 main 1000 > - 10.5.198.194 main 1000 > - 10.5.198.195 main 1000 > > The above rules direct traffic to the PPTP clients to use the main routing table. That's a good idea but without knowing what problem you are having, I really can't comment. A Shorewall dump collected as described in the support doc would also be helpful. > Btw I answered your last mail Tom from T-bird did you get that? Yes. -Tom Sorry for non-verbosity, Here is some sniffs from eth1(loc) and ppp1(my current ppp connection) with me Pinging a client on this network remotely through poptop. And dump is attached. You can see there is no Reply from 10.5.198.1 Which I can ping successfully if I am ssh and pinging from The firewall itself. tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes 14:54:58.866717 IP 10.5.198.192 > 10.5.198.1: ICMP echo request, id 768, seq 4352, length 40 14:54:58.868088 arp who-has 10.5.198.192 tell 10.5.198.1 14:54:59.033032 arp reply 10.5.198.192 is-at 00:10:18:28:5a:d4 14:55:04.068423 IP 10.5.198.192 > 10.5.198.1: ICMP echo request, id 768, seq 4608, length 40 14:55:09.602038 IP 10.5.198.192 > 10.5.198.1: ICMP echo request, id 768, seq 4864, length 40 14:55:15.068727 IP 10.5.198.192 > 10.5.198.1: ICMP echo request, id 768, seq 5120, length 40 ns2:~ # tcpdump -ni ppp1 host 10.5.198.192 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on ppp1, link-type LINUX_SLL (Linux cooked), capture size 96 bytes 14:57:23.635652 IP 10.5.198.192.2018 > 75.149.172.84.3389: S 1284057838:1284057838(0) win 65535 <mss 1360,nop,nop,sackOK> 14:57:26.631680 IP 10.5.198.192.2018 > 75.149.172.84.3389: S 1284057838:1284057838(0) win 65535 <mss 1360,nop,nop,sackOK> 14:57:29.251083 IP 10.5.198.192 > 10.5.198.1: ICMP echo request, id 768, seq 5376, length 40 14:57:32.748469 IP 10.5.198.192.2018 > 75.149.172.84.3389: S 1284057838:1284057838(0) win 65535 <mss 1360,nop,nop,sackOK> 14:57:34.560336 IP 10.5.198.192 > 10.5.198.1: ICMP echo request, id 768, seq 5632, length 40 14:57:40.060884 IP 10.5.198.192 > 10.5.198.1: ICMP echo request, id 768, seq 5888, length 40 14:57:45.564074 IP 10.5.198.192 > 10.5.198.1: ICMP echo request, id 768, seq 6144, length 40 PS at times you can get replys from poptop as though it where loadbalancing Thanks Mike
tcpdump.gz
Description: GNU Zip compressed data
------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
