On 7/25/2014 12:58 PM, sur...@emailengine.net wrote: >> From the dump: >> >> /proc/sys/net/ipv4/conf/all/rp_filter = 1 > > verifying at CLIENT > > cat /proc/sys/net/ipv4/conf/all/rp_filter > 1 > > >> So *something* is setting that. Is there an entry for it in >> /etc/sysctl.conf? > > checking > > grep rp_filter /etc/sysctl.conf > net.ipv4.conf.all.rp_filter = 1 > >> Try "ech0 0 > /proc/sys/net/ipv4/conf/all/rp_filter" and see if it works. > > modifying that => = 0 > > sysctl -p > cat /proc/sys/net/ipv4/conf/all/rp_filter > 0 > > retrying > > shorewall reset > telnet from external > > the situation's the same. I see the traffic on CLIENT's tun1 intfc, but not > on its eth1, or of course, SMTP. > > I'd reading throught the wiki trying to figure out what kind of rule takes > traffic 'from' the tun1 intfc and redirects it out the eth1 address, to a > particular IP.
You don't seem to have an ACCEPT rule for SMTP vpn1->lan. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Want fast and easy access to all the code in your enterprise? Index and search up to 200,000 lines of code with a free copy of Black Duck Code Sight - the same software that powers the world's largest code search on Ohloh, the Black Duck Open Hub! Try it now. http://p.sf.net/sfu/bds
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users