On Sat, 7 Jun 2008, Tom Eastep wrote:

> I re-read your post and I _think_ it says that when connecting from tds01,
> your host IP is 64.73.12.253. If that is the case, the packets are being
> dropped as Martians.

Yes, that is the internet address I connected from. Good catch on LOGMARTIANS being off, that is normally turned on in my shorewall configs. However, the packets shouldn't be logged martians...there are 3 routing tables: main, tds01, and tds02. tds01 defines the default gateway out eth1 (tds01). I turned on martian logging to confirm, and nothing is logged as a martian when testing the connection again. I also have other DNAT rules specified coming in tds01 (to the same IP even), and those work fine.

> I don't understand what you are trying to accomplish with your very unusual
> routing configuration but given that you don't specify 'balance' on your
> providers, you MUST turn off route filtering (your current setup is very
> unwise -- you have route filtering enabled on all interfaces but have
> logmartians disabled!!).

I'm not using 'balance' because I want to route specific traffic out specific interfaces...note the ip rules in the dump.

Thanks,
-Brad
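The combination discussed in this message (route filtering enabled on every interface while martian logging is off) can be checked per interface from the kernel's sysctl tree. The script below is an added example, not part of the original thread or of Shorewall; the function names and the constructed sample tree (interfaces eth0 and eth1) are assumptions, and on a live host the argument would be /proc/sys/net/ipv4/conf.

```bash
#!/usr/bin/env bash
# Added example: flag interfaces where reverse-path filtering is active but
# martian logging is not, so filtered packets are dropped without a log entry.

# audit_rp_filter CONF_ROOT
#   CONF_ROOT is normally /proc/sys/net/ipv4/conf; it is a parameter so the
#   check can also run against a constructed tree.
audit_rp_filter() {
    local root=$1 dir iface rp lm all_rp all_lm status
    all_rp=$(cat "$root/all/rp_filter" 2>/dev/null || echo 0)
    all_lm=$(cat "$root/all/log_martians" 2>/dev/null || echo 0)
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue
        iface=$(basename "$dir")
        case $iface in all|default|lo) continue ;; esac
        rp=$(cat "$dir/rp_filter" 2>/dev/null || echo 0)
        lm=$(cat "$dir/log_martians" 2>/dev/null || echo 0)
        # Kernel rule: the effective rp_filter is the max of all/ and the interface.
        if [ "$all_rp" -gt "$rp" ]; then rp=$all_rp; fi
        # Kernel rule: martians are logged if all/ OR the interface enables it.
        if [ "$all_lm" -ne 0 ] || [ "$lm" -ne 0 ]; then lm=1; else lm=0; fi
        if [ "$rp" -ne 0 ] && [ "$lm" -eq 0 ]; then
            status=SILENT_DROP        # filtered, nothing logged
        elif [ "$rp" -ne 0 ]; then
            status=FILTERED_LOGGED    # filtered, drops show up in the kernel log
        else
            status=UNFILTERED         # no source validation on this interface
        fi
        echo "$iface rp_filter=$rp log_martians=$lm $status"
    done
}

# Constructed sample tree mirroring the state described in the thread:
# rp_filter=1 everywhere, log_martians=0 everywhere.
make_sample_tree() {
    local root iface
    root=$(mktemp -d)
    for iface in all eth0 eth1; do
        mkdir -p "$root/$iface"
        echo 1 > "$root/$iface/rp_filter"
        echo 0 > "$root/$iface/log_martians"
    done
    echo "$root"
}

sample=$(make_sample_tree)
audit_rp_filter "$sample"
rm -rf "$sample"
```
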
