Hi, I'm posting again because my previous shorewall dump file was too big for the list.
Today I upgraded from shorewall 5.0.6.2 to the latest release and I'm having routing issues. I also tried to downgrade back to 5.0.6.2 but I'm still having the same issues so I don't know what's causing this. I have this in my rtrules: - 10.253.0.0/16 CAIB 11638 I checked the routing tables and it seems OK in my case: Table CAIB: 172.20.11.49 dev enp2s0f0 scope link src 172.20.11.62 default via 172.20.11.49 dev enp2s0f0 src 172.20.11.62 However, I am unable to ping from host at 10.215.144.7 (or any other host in lan zone for that matter) to host at 10.253.252.186 (for example). I'm attaching a shorewall dump according to these steps: # shorewall restart && shorewall reset (from FAILING host with IP addr. 10.215.144.7: ping -c 1 10.253.252.186 || traceroute -m 2 10.253.252.186) # shorewall dump > /tmp/shorewall_dump.txt && gzip --best /tmp/shorewall_dump.txt My shorewall version installed: # shorewall version -a shorewall-core: 5.0.14.1 shorewall: 5.0.14.1 shorewall6: 5.0.14.1 shorewall-init: 5.0.14.1 /var/lib/shorewall/firewall was compiled Tue Nov 22 13:02:23 CET 2016 by Shorewall version 5.0.14.1 On the other hand, if I ping or trace from $FW to the same dest then everything seems OK: # traceroute -m 2 10.253.252.186 traceroute to 10.253.252.186 (10.253.252.186), 2 hops max, 60 byte packets 1 172.20.11.50 (172.20.11.50) 0.490 ms 0.536 ms 0.604 ms 2 172.20.4.210 (172.20.4.210) 3.660 ms 3.641 ms 3.628 ms Where the hop at 172.20.11.50 is as expected. Any suggestions? Vieri
shorewall_dump.txt.gz
Description: application/gzip
------------------------------------------------------------------------------
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
