----- Original Message -----
From: "Mike Lander" <[EMAIL PROTECTED]>
To: "Shorewall Users" <[email protected]>
Sent: Thursday, August 30, 2007 6:37 PM
Subject: Re: [Shorewall-users] Multi-Isp Masqerade ?
> Mike Lander wrote:
>
>> Yes, this accurately reflects the network topology.
>> However, I have been testing squid through this now and
>> the browser pauses and balks at times. So I tried
>> 10.194.79.181 in tcp outgoing in squid.conf
>> and browsing was fine. When I changed tcp
>> outgoing to 66.224.62.120, the trouble started
>> again. You would have thought it would have been
>> the LAN gateway causing trouble. Any ideas?
>
> Wireshark is your friend.
>
>
> Tom,
> Here is a tcpdump from eth1. I tried
> one from eth0, because I have tcp outgoing
> in squid set to 66.224.62.120, so squid should be
> trying to go out eth0. But I could see no
> evidence of traffic from 66.224.62.120
> sniffing eth0. So this is a binary dump
> of eth1 (LAN) with host 10.194.79.199
> trying to browse web pages through
> squid.
> PS: the dump is binary.
> Mike
--------------------------------------------------------------------------------
I think I have this firewall really close. I have
one problem I can't seem to trace down. With the following routes
(posted below), if I comment out this line in the shorewall rules:
#REDIRECT loc 3128 tcp www - !10.194.79.181
the local machines can browse through port 80 and
things seem OK.
But if I fire up squid (running on the firewall)
by uncommenting the redirect, I get:
The system returned:
(113) no route to host
At times squid may return a page.
The trouble seems to be routing for local.
Any ideas on how I could diagnose?
Or does this routing look OK?
Thanks
Mike
ns5:~ # shorewall show routing
Can't determine the IP address of eth2
Shorewall 4.0.2 Routing at ns5 - Sun Sep 2 04:43:52 PDT 2007
Routing Rules
0: from all lookup local
10256: from all fwmark 0x100 lookup atg
10512: from all fwmark 0x200 lookup loc
32766: from all lookup main
32767: from all lookup default
Table atg:
66.224.62.97 dev eth0 scope link src 66.224.62.120
10.194.79.0/24 dev eth1 proto kernel scope link src 10.194.79.181
default via 66.224.62.97 dev eth0
Table default:
Table loc:
10.194.79.254 dev eth1 scope link src 10.194.79.181
10.194.79.0/24 dev eth1 proto kernel scope link src 10.194.79.181
default via 10.194.79.254 dev eth1
Table local:
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
broadcast 66.224.62.96 dev eth0 proto kernel scope link src 66.224.62.120
broadcast 10.194.79.0 dev eth1 proto kernel scope link src 10.194.79.181
local 10.194.79.181 dev eth1 proto kernel scope host src 10.194.79.181
local 66.224.62.120 dev eth0 proto kernel scope host src 66.224.62.120
broadcast 66.224.62.127 dev eth0 proto kernel scope link src 66.224.62.120
broadcast 10.194.79.255 dev eth1 proto kernel scope link src 10.194.79.181
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
Table main:
66.224.62.96/27 dev eth0 proto kernel scope link src 66.224.62.120
10.194.79.0/24 dev eth1 proto kernel scope link src 10.194.79.181
169.254.0.0/16 dev eth0 scope link
127.0.0.0/8 dev lo scope link
default
nexthop via 66.224.62.97 dev eth0 weight 1
nexthop via 10.194.79.254 dev eth1 weight 1
ns5:~ # ip rule ls
0: from all lookup local
10256: from all fwmark 0x100 lookup atg
10512: from all fwmark 0x200 lookup loc
32766: from all lookup main
32767: from all lookup default
ns5:~ # shorewall show routing
Can't determine the IP address of eth2
Shorewall 4.0.2 Routing at ns5 - Tue Sep 4 12:39:49 PDT 2007
Routing Rules
0: from all lookup local
10256: from all fwmark 0x100 lookup atg
10512: from all fwmark 0x200 lookup loc
32766: from all lookup main
32767: from all lookup default
Table atg:
66.224.62.97 dev eth0 scope link src 66.224.62.120
10.194.79.0/24 dev eth1 proto kernel scope link src 10.194.79.181
default via 66.224.62.97 dev eth0
Table default:
Table loc:
10.194.79.254 dev eth1 scope link src 10.194.79.181
10.194.79.0/24 dev eth1 proto kernel scope link src 10.194.79.181
default via 10.194.79.254 dev eth1
Table local:
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
broadcast 66.224.62.96 dev eth0 proto kernel scope link src 66.224.62.120
broadcast 10.194.79.0 dev eth1 proto kernel scope link src 10.194.79.181
local 10.194.79.181 dev eth1 proto kernel scope host src 10.194.79.181
local 66.224.62.120 dev eth0 proto kernel scope host src 66.224.62.120
broadcast 66.224.62.127 dev eth0 proto kernel scope link src 66.224.62.120
broadcast 10.194.79.255 dev eth1 proto kernel scope link src 10.194.79.181
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
Table main:
66.224.62.96/27 dev eth0 proto kernel scope link src 66.224.62.120
10.194.79.0/24 dev eth1 proto kernel scope link src 10.194.79.181
169.254.0.0/16 dev eth0 scope link
127.0.0.0/8 dev lo scope link
default
nexthop via 66.224.62.97 dev eth0 weight 1
nexthop via 10.194.79.254 dev eth1 weight 1
ns5:~ #
ns5:~ # ip route ls
66.224.62.96/27 dev eth0 proto kernel scope link src 66.224.62.120
10.194.79.0/24 dev eth1 proto kernel scope link src 10.194.79.181
169.254.0.0/16 dev eth0 scope link
127.0.0.0/8 dev lo scope link
default
nexthop via 66.224.62.97 dev eth0 weight 1
nexthop via 10.194.79.254 dev eth1 weight 1
ns5:~ #
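The question above is essentially "which table does a given packet end up in, and where does it go from there?". The kernel answers it by walking the rules in priority order and taking the first one whose selector matches and whose table holds a longest-prefix match; if no table matches, a local process gets EHOSTUNREACH (errno 113). The following script is an added example, not the poster's or Shorewall's code: it parses `ip rule` / `ip route` style text and replays that lookup for a destination, an optional bound source address and an optional fwmark. The sample rules and tables are copied from the dump above (tables "local" and "main" trimmed to the entries that matter); 198.51.100.10 is a constructed TEST-NET-2 placeholder for any web server. It is a simplification: route metrics, `iif`/`oif` selectors, fwmark masks and `unreachable`/`prohibit` rule actions are ignored.

```python
import ipaddress
import re

# Sample input copied from the routing dump above; tables "local" and "main"
# are trimmed to the entries that matter here (broadcast routes left out).
IP_RULES = """\
0: from all lookup local
10256: from all fwmark 0x100 lookup atg
10512: from all fwmark 0x200 lookup loc
32766: from all lookup main
32767: from all lookup default
"""
TABLES = {
    "local": """\
local 10.194.79.181 dev eth1 proto kernel scope host src 10.194.79.181
local 66.224.62.120 dev eth0 proto kernel scope host src 66.224.62.120
""",
    "atg": """\
66.224.62.97 dev eth0 scope link src 66.224.62.120
10.194.79.0/24 dev eth1 proto kernel scope link src 10.194.79.181
default via 66.224.62.97 dev eth0
""",
    "loc": """\
10.194.79.254 dev eth1 scope link src 10.194.79.181
10.194.79.0/24 dev eth1 proto kernel scope link src 10.194.79.181
default via 10.194.79.254 dev eth1
""",
    "main": """\
66.224.62.96/27 dev eth0 proto kernel scope link src 66.224.62.120
10.194.79.0/24 dev eth1 proto kernel scope link src 10.194.79.181
default
nexthop via 66.224.62.97 dev eth0 weight 1
nexthop via 10.194.79.254 dev eth1 weight 1
""",
}
RULE_RE = re.compile(r"^(\d+):\s+from (\S+)(?:\s+fwmark (0x[0-9a-fA-F]+))?\s+lookup (\S+)")
ROUTE_TYPES = {"unicast", "local", "broadcast", "unreachable", "prohibit", "blackhole"}
KEYS = {"via", "dev", "src", "scope", "proto", "weight", "metric"}

def parse_rules(text):
    """-> [(priority, from-network or None for 'all', fwmark or None, table)], by priority."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            prio, src, mark, table = m.groups()
            from_net = None if src == "all" else ipaddress.ip_network(src, strict=False)
            rules.append((int(prio), from_net, int(mark, 16) if mark else None, table))
    return sorted(rules, key=lambda r: r[0])

def _kv(tokens):
    """'via X dev Y weight 1' -> {'via': 'X', 'dev': 'Y', 'weight': '1'}."""
    return {tokens[i]: tokens[i + 1] for i in range(len(tokens) - 1) if tokens[i] in KEYS}

def parse_table(text):
    """Routes as dicts; a multipath route collects the 'nexthop' lines that follow it."""
    routes = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        if tokens[0] == "nexthop":                 # continuation of a multipath route
            kv = _kv(tokens[1:])
            routes[-1]["nexthops"].append((kv.get("via"), kv.get("dev")))
            continue
        rtype = "unicast"
        if tokens[0] in ROUTE_TYPES:
            rtype, tokens = tokens[0], tokens[1:]
        prefix = "0.0.0.0/0" if tokens[0] == "default" else tokens[0]
        kv = _kv(tokens[1:])
        route = {"type": rtype, "net": ipaddress.ip_network(prefix, strict=False), "nexthops": []}
        if kv.get("dev") or kv.get("via"):         # ordinary single-path route
            route["nexthops"].append((kv.get("via"), kv.get("dev")))
        routes.append(route)
    return routes

def resolve(dst, src=None, fwmark=0, rules_text=IP_RULES, tables=TABLES):
    """Walk the rules in priority order as the kernel does: the first rule whose selector
    matches AND whose table holds a longest-prefix match wins.  None means no table
    matched, which an application sees as EHOSTUNREACH (errno 113, "no route to host")."""
    dst_ip = ipaddress.ip_address(dst)
    src_ip = ipaddress.ip_address(src) if src else None
    for _prio, from_net, mark, table in parse_rules(rules_text):
        if from_net is not None and (src_ip is None or src_ip not in from_net):
            continue                               # 'from' selector does not match
        if mark is not None and mark != fwmark:
            continue                               # fwmark selector does not match
        best = None
        for route in parse_table(tables.get(table, "")):   # unknown/empty table: no match
            if dst_ip in route["net"] and (best is None or route["net"].prefixlen > best["net"].prefixlen):
                best = route
        if best is not None:
            return {"table": table, "prefix": str(best["net"]), "type": best["type"],
                    "nexthops": best["nexthops"]}
    return None
```

Run against the dump, `resolve("198.51.100.10")` (no mark, as for a process on the firewall whose packets nothing has marked) lands in table main and returns both next hops of the two-way default route, 66.224.62.97 on eth0 and 10.194.79.254 on eth1; `resolve("198.51.100.10", fwmark=0x100)` goes to table atg and out eth0 only, and `fwmark=0x200` to table loc via 10.194.79.254. That is the check worth making for a proxy that runs on the firewall itself: which mark, if any, its own outgoing connections carry decides which of these three answers applies.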
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users