Hi all,

after half a day searching for an error, sniffing and upgrading to the newest shorewall version I give up and hand the problem to you. I have the following configuration in my /etc/shorewall/masq:

#INTERFACE              SOURCE              ADDRESS
vlan7::10.231.0.0/16    192.168.222.0/24    10.231.113.30
vlan7                   192.168.222.0/24    10.1.0.38

Towards a special network I need a masking of all outgoing traffic to 10.231.113.30; in all other cases I use the basic address of the interface for masking. What happens? Nothing - no packet towards an address in 10.231.0.0 leaves the interface. If I swap the entries in the config file, the packets go through the interface, but are masked with the wrong IP (which would be the expected behavior). So I'm sure that there is no fault in the other config files.
Netfilter also seems to have the correct rules (whole dump enclosed):

Chain vlan7_masq (1 references)
 pkts bytes target  prot opt in  out  source            destination
   10   600 SNAT    0    --  *   *    192.168.222.0/24  10.231.0.0/16  to:10.231.113.30
    2    96 SNAT    0    --  *   *    192.168.222.0/24  0.0.0.0/0      to:10.1.0.38
I know that I had the same construction working some months ago. The only difference is that there it was a "real" eth interface and now it's a vlan.
Any idea? Thanks, Christian
status.txt.gz
Description: application/gzip
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
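
The ordering behaviour described in the message above (swapping the two masq entries changes which SNAT address is applied), as an added example that is not part of the original post or of Shorewall's own code. It evaluates the two entries first-match-wins, the way the vlan7_masq chain is traversed, and flags entries that an earlier, broader entry makes unreachable. The function names and the simplified parsing of the INTERFACE column are assumptions.

```python
import ipaddress

# The two masq entries quoted in the post, in file order.
MASQ = """\
#INTERFACE SOURCE ADDRESS
vlan7::10.231.0.0/16 192.168.222.0/24 10.231.113.30
vlan7 192.168.222.0/24 10.1.0.38
"""

def parse_masq(text):
    """Return ordered rules as (iface, dest_net, source_net, snat_addr)."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        spec, source, address = line.split()[:3]
        iface, _, rest = spec.partition(":")
        # Assumption: a destination is whatever follows the last colon,
        # unless it is empty or a bare alias digit. Single destination only.
        dest = rest.split(":")[-1]
        if not dest or dest.isdigit():
            dest = "0.0.0.0/0"
        rules.append((iface, ipaddress.ip_network(dest),
                      ipaddress.ip_network(source), address))
    return rules

def snat_for(rules, iface, src, dst):
    """SNAT is a terminating target, so the first matching rule decides."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r_iface, r_dest, r_src, addr in rules:
        if r_iface == iface and src in r_src and dst in r_dest:
            return addr
    return None

def shadowed(rules):
    """Rules that can never match because an earlier rule fully covers them."""
    out = []
    for i, (iface, dest, src, addr) in enumerate(rules):
        for p_iface, p_dest, p_src, _ in rules[:i]:
            if p_iface == iface and dest.subnet_of(p_dest) and src.subnet_of(p_src):
                out.append((iface, str(dest), str(src), addr))
                break
    return out
```
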
