Mike Lander wrote: > > Hi Jerry, > I think my whole trouble was masq file the only entry I had > was the first entry below which Tom helped me with that! > I cannot seem to grasp the entries in the masq even though if > I read an existing masq entry I can follow the meaning of it. > The best way to describe this is, the firewall seemed to > be gasping for a breath until I entered the eth1 rewrite.
Yup, for whatever reason the networking stack picks a route to use before it picks the source ip. It may have the right route, on the right interface, but with the wrong source ip. That is why those masq entries for the firewall traffic are there, it is really just a workaround... > Not sure if its perfect time will tell but now browsing > seemed to spring to life. Glad you got it to work. > I belive ack's were coming back > fand they where trying to goto local machines > instead of answering squid syn's. > Thank you. > Mike > > eth0 10.194.79.0/24 66.224.62.120 ----1st entry > eth1 66.224.62.120 10.194.79.181 That's why there is that warning in the multi-isp doc, Tom and I spent a lot of time debugging this after the multi-isp support was added. You could do one of two things, bind the app to a single ip address or add those entries. Jerry ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
