Tom Eastep wrote: > Christian Vieser wrote: >> Hi all, >> >> after a half day searching for an error, sniffing and upgrading to the >> newest shorewall version I give up and the problem to you. I have >> following configuration in my /etc/shorewall/masq: >> >> #INTERFACE SOURCE ADDRESS >> vlan7::10.231.0.0/16 192.168.222.0/24 10.231.113.30 >> vlan7 192.168.222.0/24 10.1.0.38 >> >> Towards a special network I need a masking of all outgoing traffic to >> 10.231.113.30, in all other cases I use the basic address of the >> interface for masking. What happens? Nothing - no packet towards an >> address in 10.231.0.0 leaves the interface. If I swap the entries in the >> config file, the packets go through the interface, but are masked with >> the wrong IP (what would be the expected behavior). So I'm sure that >> there is no fault in the other config files. >> >> Netfilter also seems to has the correct rules (whole dump enclosed): >> >> Chain vlan7_masq (1 references) >> pkts bytes target prot opt in out source >> destination >> 10 600 SNAT 0 -- * * 192.168.222.0/24 >> 10.231.0.0/16 to:10.231.113.30 >> 2 96 SNAT 0 -- * * 192.168.222.0/24 >> 0.0.0.0/0 to:10.1.0.38 >> >> I know that I had the same construction working some month ago. Only >> difference is, that there it was a "real" eth interface and now it's a >> vlan. >> >> Any idea? > > I suspect that with the destination IP address rewritten to 10.231.113.30,
Of course I meant "...when the SOURCE IP address is rewritten..." -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- SF.Net email is sponsored by: The Future of Linux Business White Paper from Novell. From the desktop to the data center, Linux is going mainstream. Let it simplify your IT future. http://altfarm.mediaplex.com/ad/ck/8857-50307-18918-4
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
