I have to run now, so I can't look at the dumps. I am just going to make some guesses.
On Thu, May 01, 2008 at 08:56:28AM -0700, Timothy Selivanow wrote: > > Shorewall:all2all:REJECT:IN= OUT=eth0 SRC=192.168.47.1 DST=192.168.42.1 > LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 > ID=55376 SEQ=1 > Your policy file does not specify a policy for traffic going out into the tunnel. Your all2all policy is to REJECT, hence the rejection. Either that, or you need routeback in the interfaces file and you don't have it. > > Shorewall:OUTPUT:REJECT:IN= OUT=eth0 SRC=69.30.99.148 DST=69.30.46.20 > LEN=136 TOS=0x00 PREC=0x00 TTL=64 ID=25966 DF PROTO=ESP SPI=0xccd0a1c > This one almost certainly looks like it is missing routeback. Your src address is the one you note below as being part of eth0's segment. However, the dst address and out interface are heading to eth0. I'll try and look more later. Regards, -Roberto -- Roberto C. Sánchez http://people.connexer.com/~roberto http://www.connexer.com
signature.asc
Description: Digital signature
------------------------------------------------------------------------- This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
