On 05/02/2013 05:40 AM, Ernesto Domato wrote:
> On Tue, Apr 30, 2013 at 5:58 PM, Tom Eastep <[email protected]> wrote:
>> On 04/30/2013 01:48 PM, Ernesto Domato wrote:
>>> Ok, I'm still trying to solve my problem :-)
>>>
>>> The firewall machine has these interfaces:
>>>
>>> eth0 -> link to the internet
>>> eth1 -> link to the local network
>>> ovsbr0 -> OpenVSwitch connected to virtual machines (the Squid proxy server)
>>>
>>> Now, when I apply the full Shorewall rules (through "shorewall start")
>>> and do a tcpdump on eth1 and ovsbr0 I see syn packets going through
>>> ovsbr0 and syn reply packet coming back. But on the eth1 I just see
>>> the syn packet going in just one direction (the remote one that is
>>> routed by policy routing to the proxy machine) and not back to eth1 so
>>> it can reach the machine that made the request.
>>>
>>> When I apply the shorewall iptables rules only and configure ip
>>> forwarding and policy routing to the proxy by hand everything works
>>> fine.
>>>
>>> So, I still think that the problem is on some configuration on the
>>> firewall itself, even more on the kernel parameters.
>>>
>>> Any help?
>>
>> Please capture the output of 'shorewall dump' when it is working (by
>> hand configuration) and when it is not working (shorewall start) and
>> forward both.
>>
>
> Ok, here we go. Let me know what you think. :-)
>
Try setting ROUTE_FILTER=No in shorewall.conf and reboot. Does the
Shorewall-generated configuration work now?

Thanks,
-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
