Hello again,

I added the following masq rule

#INTERFACE:DEST         SOURCE          ADDRESS         PROTO   PORT(S) IPSEC   MARK
tun0                    192.168.1.210   -               -       -       -       2

and disabled ROUTE_FILTER in shorewall.conf.

Everything seems to be working now!
Thanks a lot for your help!

MG
-- 
  Marcello Giordano
  giorda...@ftml.net

On Fri, May 2, 2014, at 19:02, Tom Eastep wrote:
> On 5/2/2014 2:29 PM, Marcello Giordano wrote:
> > Ok, I ran a few tests with tcpdump (nothing relevant in the shorewall 
> > logs).
> > I'm really new to all of this so please forgive my non-technical 
> > approach.
> > 
> > ** From my regular user account on the $FW, no tcrules:
> > 
> > ping goes through the wlan1 interface (source marked as 192.168.1.210),
> > wget goes through the interface specified with the bind option. 
> > everything as expected.
> > 
> > ** From the rtorrent user (marked in tcrules to go through the vpn):
> > 
> > pinging ip addresses goes through wlan1 (source 192.168.1.210)..
> > pinging web addresses, nothing
> > 
> > testing with wget:
> > wget --bind-address=10.9.0.10 http://ipecho.net/plain
> > 
> > tcpdump -nei tun0 shows:
> > 
> > 17:21:27.691855 ip: 192.168.1.210.58112 > 8.8.4.4.53: 47362+ A? 
> > ipecho.net. (28)
> > 17:21:27.693208 ip: 192.168.1.210.58112 > 8.8.4.4.53: 15632+ AAAA? 
> > ipecho.net. (28)
> > 
> > and nothing else.. I guess it's trying to contact google's dns servers 
> > with no success..
> > and source is marked as 192.168.1.210 even when I explicitly bound wget 
> > to the tun0 ip address..
> > I get exactly the same results without binding wget to any interface.
> 
> You need a masq rule for tun0.
> 
> -Tom
> -- 
> Tom Eastep        \ When I die, I want to go like my Grandfather who
> Shoreline,         \ died peacefully in his sleep. Not screaming like
> Washington, USA     \ all of the passengers in his car
> http://shorewall.net \________________________________________________
> 
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users

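One way to confirm from a capture that the masq rule on tun0 is taking effect, as an added example that is not part of the original thread: it parses `tcpdump -nei tun0` lines and reports outbound packets whose source is not the tunnel address. The function name is hypothetical, 10.9.0.10 is the tun0 address used with wget in the thread, and the last two sample lines are constructed.

```python
import re
from typing import Iterable, List, NamedTuple

# Matches "tcpdump -n" IPv4 lines; with -e on a tun device the link-level
# header is printed as "ip:" (as in the thread), without -e it is "IP".
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?:ip:|IP)\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?:\.(?P<sport>\d+))?\s+>\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})(?:\.(?P<dport>\d+))?:"
)

class Packet(NamedTuple):
    ts: str
    src: str
    dst: str
    dport: int  # 0 when the protocol has no port (e.g. ICMP)

def find_unmasqueraded(lines: Iterable[str], tunnel_ip: str) -> List[Packet]:
    """Return outbound packets seen on the tunnel whose source is not tunnel_ip.

    Such packets left the box with another interface's address (here the
    wlan1 address), so the VPN peer cannot route replies back to them.
    """
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an IPv4 packet line
        if m["src"] == tunnel_ip or m["dst"] == tunnel_ip:
            continue  # correctly sourced, or a reply addressed to the tunnel
        hits.append(Packet(m["ts"], m["src"], m["dst"], int(m["dport"] or 0)))
    return hits

# First two lines: the capture quoted in the thread (re-joined after mail
# wrapping). Last two lines: constructed, showing traffic once masq applies.
SAMPLE = """\
17:21:27.691855 ip: 192.168.1.210.58112 > 8.8.4.4.53: 47362+ A? ipecho.net. (28)
17:21:27.693208 ip: 192.168.1.210.58112 > 8.8.4.4.53: 15632+ AAAA? ipecho.net. (28)
17:25:02.104411 ip: 10.9.0.10.40122 > 8.8.4.4.53: 5121+ A? ipecho.net. (28)
17:25:02.151730 ip: 8.8.4.4.53 > 10.9.0.10.40122: 5121 1/0/0 A 203.0.113.7 (44)
"""

if __name__ == "__main__":
    for p in find_unmasqueraded(SAMPLE.splitlines(), "10.9.0.10"):
        print(f"{p.ts} un-masqueraded: {p.src} -> {p.dst}:{p.dport}")
```

An empty result on a fresh capture means every outbound packet on tun0 carries the tunnel address.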