On 7/25/2014 11:44 AM, [email protected] wrote: > I'm working on following & understanding the flow of packets across all of > *this*. > > when I exec telnet from an external host, I see at CLIENT > > tcpdump -i tun1 > 11:32:16.532625 IP E.E.E.E.54277 > 192.168.1.2.smtp: Flags [S], seq > 1312623728, win 32768, options [mss 1308,nop,wscale > 3,sackOK,nop,nop,nop,nop,TS val 1 ecr 0], length 0 > (repeats) > > tcpdump -i eth1 > (empty) > > and at SMTP > > tcpdump -i eth0 > (empty) > > So the packets get as far as the CLIENT's VPN tunnel endpoint, but not out > the CLIENT's eth1 and thus not to the SMTP server. >
From the dump:
/proc/sys/net/ipv4/conf/all/rp_filter = 1
So *something* is setting that. Is there an entry for it in
/etc/sysctl.conf?
Try "ech0 0 > /proc/sys/net/ipv4/conf/all/rp_filter" and see if it works.
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Want fast and easy access to all the code in your enterprise? Index and search up to 200,000 lines of code with a free copy of Black Duck Code Sight - the same software that powers the world's largest code search on Ohloh, the Black Duck Open Hub! Try it now. http://p.sf.net/sfu/bds
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
