Mark Rutherford wrote:
> Ok, I hope this is it...
> I did the reset as requested and we tried the connection.
> A machine on the local network is trying to connect to 208.60.147.148
> from 10.1.1.67 on port 22 (tcp)
> The machine on the other end is expecting us to connect from 70.61.215.98
> Basically, I think the remote system just ignores us because we are
> firewalled out.
> The sftp client just simply fails to connect.
> If I drop the other network and we only have the one provider going we
> connect just fine, but then we are not firewalled out of the remote system.
>
> I have asked the operator of that system to allow our /29s and they
> scoffed... so I have to figure this out.

There is no mystery:

Routing Rules

0:      from all lookup 255
1000:   from all iif eth1 lookup Twc
1001:   from all iif eth2 lookup Nuvox   <=============
10001:  from all fwmark 0x1 lookup Nuvox
10002:  from all fwmark 0x2 lookup Twc

10.1.1.67 connects through eth2. So the above flagged rule sends the
connection through Nuvox:

Table Nuvox:

216.176.235.185 dev eth1 scope link src 216.176.235.186
216.176.235.184/29 dev eth1 proto kernel scope link src 216.176.235.186
10.1.1.0/24 dev eth2 proto kernel scope link src 10.1.1.2
default via 216.176.235.185 dev eth1   <============

It goes out through eth1 with a 216.176.... source IP. So it is working
exactly as you have configured it.
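
The rule walk described in the reply above, as an added example that is not part of the original message or of Shorewall: a small Python model of policy-routing lookup fed with the rules and the Nuvox table quoted in the thread. The contents of tables 255 and Twc do not appear in the thread, so they are assumed empty here, and the function names are hypothetical.

```python
import ipaddress

# Rules and the Nuvox table as quoted in the reply. Tables 255 and Twc are
# not shown in the thread; they are treated as empty here (assumption), so a
# lookup in them finds nothing and evaluation moves on to the next rule.
RULES = """\
0: from all lookup 255
1000: from all iif eth1 lookup Twc
1001: from all iif eth2 lookup Nuvox
10001: from all fwmark 0x1 lookup Nuvox
10002: from all fwmark 0x2 lookup Twc
"""
TABLES = {"Nuvox": """\
216.176.235.185 dev eth1 scope link src 216.176.235.186
216.176.235.184/29 dev eth1 proto kernel scope link src 216.176.235.186
10.1.1.0/24 dev eth2 proto kernel scope link src 10.1.1.2
default via 216.176.235.185 dev eth1
"""}

def parse_rules(text):
    """Return [(priority, {selector: value})] sorted by priority."""
    rules = []
    for line in text.splitlines():
        prio, rest = line.split(":", 1)
        words = rest.split()
        sel = {k: words[words.index(k) + 1]
               for k in ("iif", "fwmark", "lookup") if k in words}
        rules.append((int(prio), sel))
    return sorted(rules, key=lambda r: r[0])

def lookup(table_text, dst):
    """Longest-prefix match in one table; returns (network, dev) or None."""
    best = None
    for line in table_text.splitlines():
        words = line.split()
        net = ipaddress.ip_network("0.0.0.0/0" if words[0] == "default" else words[0])
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, words[words.index("dev") + 1])
    return best

def route(dst, iif=None, fwmark=None):
    """Walk rules in priority order; the first table with a matching route wins."""
    dst = ipaddress.ip_address(dst)
    for prio, sel in parse_rules(RULES):
        if "iif" in sel and sel["iif"] != iif:
            continue
        if "fwmark" in sel and (fwmark is None or int(sel["fwmark"], 16) != fwmark):
            continue
        hit = lookup(TABLES.get(sel["lookup"], ""), dst)
        if hit:
            return prio, sel["lookup"], hit[1]
    return None
```

Calling route("208.60.147.148", iif="eth2") returns (1001, "Nuvox", "eth1"), the path flagged in the reply. On the firewall itself, `ip route get 208.60.147.148 from 10.1.1.67 iif eth2` asks the kernel the same question.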