Brad wrote:
On Sat, 7 Jun 2008, Tom Eastep wrote:I re-read your post and I _think_ it says that when connecting from tds01, your host IP is 64.73.12.253. If that is the case, the packets are being dropped as Martians.Yes, that is the internet address I connected from. Good catch on LOGMARTIANS being off, that is normally turned on in my shorewall configs. However, the packets shouldn't be logged martians...there are 3 routing tables: main, tds01, and tds02. tds01 defines the default gateway out eth1 (tds01)
I can see that. But only the main table is involved in route filtering.
I turned on martian logging to confirm, and nothing is logged as a martian when testing the connection again. I also have other DNAT rules specified coming in tds01 (to the same IP even), and those work fine.
Then I have no idea what the problem is.
I'm not using 'balance' because I want to route specific traffic out specific interfaces...note the ip rules in the dump.
See FAQs 57 and 58. The 'balance' option is not incompatible with what you want to do.
-Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
