Vieri Di Paola wrote: > Hi, > > I am in the process of upgrading a multi-isp router > (ISP1, 2, 3). Previously it was working as expected > with Shorewall 3.0.8 and kernel 2.6.16. > > I'm now havig trouble with ISP2 and ISP3 only after > moving to shorewall 3.4.2 and kernel 2.6.19. Incoming > connections don't complete. > An example: > a DNAT rule redirects Internet port 443 to a lan > server. (from 217.126.158.166 to 85.48.225.159:443 -> > 10.215.144.16:443) > > Note that 85.48.225.159 (ISP3) is on the ADSL > modem/router (PPPoA) and has local IP 192.168.101.1 > and redirects all incoming traffic to 192.168.101.2 > which is the multi-isp shorewall gateway. > > Please find the shorewall dump here: > http://fhm.zapto.org/dump.gz
This doesn't look good: 10001: from all lookup ISP1 10001: from all lookup ISP1 10001: from all lookup ISP1 10001: from all lookup ISP1 10001: from all lookup ISP1 10001: from all lookup ISP1 10001: from all lookup ISP1 10001: from all lookup ISP1 10001: from all lookup ISP1 10001: from all lookup ISP1 10001: from all lookup ISP1 10001: from all lookup ISP1 10002: from all lookup ISP2 10002: from all lookup ISP2 10002: from all lookup ISP2 10002: from all lookup ISP2 10002: from all lookup ISP2 10002: from all lookup ISP2 10002: from all lookup ISP2 10002: from all lookup ISP2 10002: from all lookup ISP2 10002: from all lookup ISP2 10002: from all lookup ISP2 10002: from all lookup ISP2 10003: from all lookup ISP3 10003: from all lookup ISP3 10003: from all lookup ISP3 10003: from all lookup ISP3 10003: from all lookup ISP3 10003: from all lookup ISP3 10003: from all lookup ISP3 10003: from all lookup ISP3 10003: from all lookup ISP3 10003: from all lookup ISP3 10003: from all lookup ISP3 10003: from all lookup ISP3 What route_rules entries do you have? -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
