On Thu, May 2, 2013 at 12:31 PM, Tom Eastep <[email protected]> wrote: > On 05/02/2013 08:23 AM, Ernesto Domato wrote: >> On Thu, May 2, 2013 at 11:47 AM, Tom Eastep <[email protected]> wrote: >>> Try setting ROUTE_FILTER=No in shorewall.conf and reboot. Does the >>> Shorewall-generated configuration work now? >>> >> >> YES, it does :-) >> >> So, can you briefly explain what happended? >> > > I noticed in the non-working dump that the rp_filter flag was set on > vnet0. While that should not matter, it was the only thing that I could > see that might affect the outcome. > > You might try setting ROUTE_FILTER=Yes, and add these commands in > /etc/shorewall/start: > > echo 0 > /proc/sys/net/ipv4/conf/vnet0/rp_filter > echo 0 > /proc/sys/net/ipv4/conf/vnet0/log_martians > > Does that also solve the problem? >
No, it doesn't. And I also added this lines for all the interfaces but the behavior remains, it doesn't work. So, what does ROUTE_FILTER change?, I don't want to look on the entire script. On the other hand, I would like to keep the anti-spoofing behavior with ROUTE_FILTER=Yes Thanks. Ernesto ------------------------------------------------------------------------------ Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET Get 100% visibility into your production application - at no cost. Code-level diagnostics for performance bottlenecks with <2% overhead Download for free and get started troubleshooting in minutes. http://p.sf.net/sfu/appdyn_d2d_ap1 _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
