Ok, I ran a few tests with tcpdump (nothing relevant in the shorewall logs). I'm really new to all of this so please forgive my non-technical approach.
** From my regular user account on the $FW, no tcrules: ping goes through the wlan1 interface (source marked as 192.168.1.210), wget goes through the interface specified with the bind option. everything as expected. ** From the rtorrent user (marked in tcrules to go through the vpn): pinging ip addresses goes through wlan1 (source 192.168.1.210).. pinging web addresses, nothing testing with wget: wget --bind-address=10.9.0.10 http://ipecho.net/plain tcpdump -nei tun0 shows: 17:21:27.691855 ip: 192.168.1.210.58112 > 8.8.4.4.53: 47362+ A? ipecho.net. (28) 17:21:27.693208 ip: 192.168.1.210.58112 > 8.8.4.4.53: 15632+ AAAA? ipecho.net. (28) and nothing else.. I guess it's trying to contact google's dns servers whit no success.. and source is marked as 192.168.1.210 even when I explicitly bound wget to the tun0 ip address.. I get exactly the same results without binding wget to any interface. Nella citazione in data Thu May 1 15:19:39 2014, Tom Eastep ha scritto: > On 5/1/2014 12:05 PM, Marcello Giordano wrote: >> sorry, i missed the last bit of your message!! >> >> I had only tried testing thing with wget, my bad. >> I tried pinging a few addresses from the rtorrent user >> >> ping 10.8.0.5 no reply # this does not work on any other users on $FW >> though... >> ping 192.168.1.1 OK >> ping www.randomwebiste.com no reply >> ping ip.address.of.randmowebiste OK >> >> Downloading a file using wget, from an ip address I can successfully >> ping, doesn't work (no matter what interface i bind wget to). >> > > So, have you tried to troubleshoot that using tcpdump and looking at the > Shorewall logs? > > -Tom > > > ------------------------------------------------------------------------------ > "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE > Instantly run your Selenium tests across 300+ browser/OS combos. Get > unparalleled scalability from the best Selenium testing platform available. > Simple to use. Nothing to install. Get started now for free." > http://p.sf.net/sfu/SauceLabs > > > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users -- Marcello Giordano giorda...@ftml.net ------------------------------------------------------------------------------ "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE Instantly run your Selenium tests across 300+ browser/OS combos. Get unparalleled scalability from the best Selenium testing platform available. Simple to use. Nothing to install. Get started now for free." http://p.sf.net/sfu/SauceLabs _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
