Tom Eastep wrote: > > And if it turns out to be a Shorewall bug, then I'm going to have to ask you > to upgrade since 3.0.4 is no longer a supported Shorewall release. >
I beg your pardon. Shorewall 3.0.4 *is* still supported.
The problem, however, is unlikely to be in Multi-ISP but rather has to do
with either /etc/shorewall/nat or /etc/shorewall/masq and the ADD_IP_ALIASES
or ADD_SNAT_ALIASES options. If you have set either of these two options to
'Yes' in shorewall.conf, then with Shorewall 3.0, you must exercise care
that you exclude the primary IP address on each interface from the effects
of the option.
Example: /etc/shorewall/masq
WRONG with ADD_SNAT_ALIASES=Yes
eth0 eth1 <eth0-primary-ip>
RIGHT with ADD_SNAT_ALIASES=Yes
eth0: eth1 <eth0-primary-ip>
With /etc/shorewall/nat, the primary IP address of an interface should never
appear in the EXTERNAL column.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
