Brian J. Murrell wrote: > On Wed, 2007-05-09 at 07:23 -0700, Tom Eastep wrote: >> Brian J. Murrell wrote: >> >>> Any ideas? >>> >> "shorewall dump" output, please. > > [ sent ] > > But I was looking (with tcpdump) at what was leaving the ppp0 interface > and noticed that there are packets with a source address of the vlan2 > interface leaving, which is wrong. So to the nat table I go and see > this: > > Chain POSTROUTING (policy ACCEPT 1862 packets, 195K bytes) > pkts bytes target prot opt in out source > destination > 0 0 ppp0_masq all -- * ppp0 0.0.0.0/0 0.0.0.0/0 > 10773 912K vlan2_masq all -- * vlan2 0.0.0.0/0 0.0.0.0/0 > > It seems that no packets are matching that "out: ppp0" rule, although I > can most definitely see packets leaving that interface with tcpdump.
Only packets in the NEW state traverse the nat table. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
