Thanks...after thinking about routefilter, I don't know why I ever added it to the public interfaces. I would be much better served replacing routefilter with norfc1918 there.

> > I can see that. But only the main table is involved in route filtering.

That's correct...I realized that before, but I never took into consideration route filtering because a) I didn't get any logs (my mistake as you saw!) and b) I've had the other dnat rules in place on tds01 for weeks now with no problems. But, turning off routefilter did get the dnat functioning. I've no clue why I didn't have problems with any other rules. I'll have to ponder that one. So far, I think it must be a difference between ndev/mnet and loc as the rules to ndev and mnet always worked and loc never did. I'm also curious why after turning on LOGMARTIANS I didn't see any logs.

> See FAQs 57 and 58. The 'balance' option is not incompatible with what you
> want to do.

I suppose I should have specified that I'm not using shorewall providers. I do plan in the future to create a balance table and use tc, whether that will be shorewall controlled or not, but that's a project for another day. I used shorewall for that in the past, and it worked very nicely.

Thanks for your time Tom, and thanks for all the time you've saved me over the years writing iptables rules by hand. :)

-Brad

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
