As stolen from the Shorewall squid config, I am trying to automatize some ip rules.
It is as simple as it could be, but it is not working for me. I have Shorewall 3.4.8 and 2.6.24-r8 The config is as following. /etc/shorewall/interfaces v662 vlan662 172.31.255.3 /etc/Shorewall/zones v662 ipv4 policy has been configured well. fw v662 ACCEPT The v662 interface has ip address 172.31.255.2/30 The next hop has ip address 172.31255.1/30 There has been placed a route in table 4 as following. ip route show table 4 10.1.250.0/24 via 172.31.255.1 dev vlan662 metric 1 I want to get connected to 10.1.250.101 I have done ip rule add iif vlan662 table 4 (and it doesn´t work) I have done ip rule add from 172.31.255.2 to 10.1.250.101 iif vlan662 table 4 (and it doesn´t work) I have done ip rule add from 172.31.255.2 iif vlan662 table 4 (and it doesn´t work) If I do ip rule add from 172.31.255.2 to 10.1.250.101 table 4 (it works) If I do ip rule add from 172.31.255.2 table 4 (it works) Ok, I know how to make it work, but it isn´t the way I want shorewall (routing) to do. I want to have the interface statement (iif vlan662). So, if there is ever the interface statement, it stops to work, if I omit it, it works?! When I do tcpdump -I vlan662 -vvv I can see (in the cases it does not work), that 172.31.255.2 does not know the way back to 10.1.250.101 even if the route - as mentioned before - is present. I am a litte bit confused about, that "ip rule add iif vlan662 table 4" is not enough to make it work. Is there anyone who has an idea how to fix the problem? Thanks for any support. Cheers Michael ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
