Cristian wrote: > > > On Mon, 05 Nov 2007 06:54:22 -0800, Tom Eastep <[EMAIL PROTECTED]> > wrote: > >> Please forward the output of "shorewall dump" (as a compressed >> attachment). >> Capture the dump with the configuration that fails. > > Here they come >
The only difference that I see in the two is that, because you haven't applied the patch which corrects a problem with HIGH_ROUTE_MARKS=No (see http://www.shorewall.net/shorewall_index.htm#Notice), your working configuration is operating as if you had set TC_EXPERT=Yes. So, grasping at straws, you might set TC_EXPERT=Yes in the non-working configuration and see if that makes any difference. Jerry: Do you see anything in Cristian's dumps? I also suggest that you upgrade Shorewall -- under 3.2, Shorewall does not reverse the effect of routing changes during 'shorewall restart' and 'shorewall stop'. As a consequence, the routing rules for both the working and non-working configuration are present in both configurations! Shorewall 3.4 and 4.0 do a much better job in that regard. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
