Pieter Donche wrote:
> On Tue, 26 Feb 2008, Tom Eastep wrote:
> 
>> Pieter Donche wrote:
>>> On Mon, 25 Feb 2008, Simon Hobson wrote:
>> nge the hostname).
>>>
>>> If I read the netstat -nr tables the routing looks to follow the directions
>>> I want.
>>>
>>>
>>> The setup worked for years in Shorewall 1.0.3 and also in my test setup
>>> in Shorewall 4.0.6.
>>>
>> Shorewall cannot cause the martian messages you are seeing. Given that we've
>> established that you haven't bridged the interfaces externally, I would next
>> carefully check the cabling. Traffic from your local network is arriving on
>> eth0 -- that means that eth0 is cabled to the local network even though you
>> have defined eth0 as your 'net' interface.
> 
> Maybe my description was not so clear: I want ABC.DEF.75.* to be behind
> my firewall (75.1-13 are my servers, 75.16-253 are other PCs in my
> building), everything else I consider as 'net', and this is a campus network
> ABC.DEF.XXX.YYY, with XXX e.g. 70, 71-74, 76-79, 80, 81, etc...
> and also the whole rest of the 'Internet'.  143.129.70.201 is the address
> where everything (either from the campus or from Internet) is routed to if
> it has a ABC.DEF.75.* destination address.
> 
> (Sorry, I may have referred to my campus network as my 'local network',
>   'local' was not the appropriate word to use, since in fact it is just
> the opposite of what my 'loc' zone is...)
> 
>> The detection of interfaces is non-deterministic in recent kernels so the
>> distributions have installed measures to insure that the assignment of
>> interface names to NICs is stable. But that should also be checked.
> 
> Sorry, this is a bit too high-brow, I am afraid I don't grasp what
> you mean..

It means that the assignment of names to network interfaces may be random
and may change every time that you boot. So what is
eth0 one time you boot might be eth2 the next time. Recent distributions
track the interfaces by MAC address and once all of the interfaces have been
detected by the kernel, they are renamed as necessary. This ensures that the
same interface will have the name 'eth0' each time that you boot.

This can be a problem if you install a recent kernel on an old distribution
and given that you are seeing local traffic arriving on your net interface,
it means that you have the local network cabled to eth0. So either the
cabling is wrong or the interfaces are changing identities behind your back.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
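
One way to check whether interface names have changed identities between boots, as an added example that is not part of the original message: it compares the MAC address the kernel reports under /sys/class/net for each name against a mapping recorded earlier. The map file format ("name MAC" per line) and the path /etc/iface-macs.map are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify that each interface name still belongs to the NIC
# (MAC address) you expect. Map file format is an assumption of this example:
#   <ifname> <mac>      one per line, '#' starts a comment line

# check_iface_map SYSNET MAPFILE
#   SYSNET  - directory laid out like /sys/class/net (one directory per
#             interface, each containing an "address" file)
#   MAPFILE - expected name-to-MAC assignments
# Prints one line per problem; returns 0 if everything matches, 1 otherwise.
check_iface_map() {
    sysnet=$1
    mapfile=$2
    rc=0
    while read -r name want rest; do
        case $name in ''|'#'*) continue ;; esac
        want=$(printf '%s' "$want" | tr 'A-F' 'a-f')
        if [ ! -r "$sysnet/$name/address" ]; then
            echo "MISSING  $name: expected $want, interface not present"
            rc=1
            continue
        fi
        have=$(tr 'A-F' 'a-f' < "$sysnet/$name/address")
        if [ "$have" != "$want" ]; then
            # Find which name the expected NIC ended up with, if any.
            now=
            for f in "$sysnet"/*/address; do
                [ -r "$f" ] || continue
                if [ "$(tr 'A-F' 'a-f' < "$f")" = "$want" ]; then
                    now=$(basename "$(dirname "$f")")
                fi
            done
            echo "SWAPPED  $name: expected $want, found $have (expected NIC is now ${now:-absent})"
            rc=1
        fi
    done < "$mapfile"
    return $rc
}

# Stand-alone use on a live system (map path is hypothetical):
#   sh check.sh /sys/class/net /etc/iface-macs.map
if [ "$#" -eq 2 ]; then
    check_iface_map "$1" "$2"
fi
```

A SWAPPED line for the 'net' interface points to renaming; a clean result leaves the cabling as the thing to check.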
