On Tue, Oct 02, 2007 at 06:30:55AM -0700, Tom Eastep wrote: > pete wrote: > > Hi, We have some FreeBSD machines that have several IP's on them and > > running snmpd. > > > > The udp packets always return on the default IP even though they come in > > on different ones during an snmpget. > > > > What is the most efficient way to handle this shorewall on the client > > box? > > Given what little you've told us, I can't even describe the problem let > alone any possible solution. See > http://www.shorewall.net/support.htm#Guidelines. Thanks, sorry I've attached what you requested.
My issue is pretty simple, but the solution isn't for me. I have a box that runs shorewall with no rules. I just need it to be able to connect via an snmp client, like snmpget to a remote machine. Normal snmp connections are not a problem as shorewall/iptables keeps track of the connections, but I need to be able to connect to a machine that is receiving the connection on one IP and returning it on another. The server receiving the connection is not the issue, but it's my client machines rules that are breaking it. If I turn off shorewall, the problem goes away. MYCLIENT(with shorewall) ---->161/udp----> PROBLEM_SERVER(receives on IP A) But when PROBLEM_SERVER receives it on IP A, it returns the udp packet on port 161 back over IP B which is the default interfaces IP. PROBLEM_SERVER(sends on IP B) ---->161/udp----> [BLOCKED]// MYCLIENT(with shorewall) So MYCLIENT's shorewall doesn't allow the packet in, because it can't relate the connection to anything. I've tried many, many different configurations, and the docks seem to describe issues close to this, but I couldn't find anything that seems to address this type of situation. Any help would be appreciated. Thanks, -- Pete Greenwell System Administrator Missouri Research and Education Network [MOREnet] http://www.more.net
status.txt.bz2
Description: Binary data
------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
