Tom Eastep wrote:
>
>
>>
>> Unfortunately when I tested it, it didn't work.  The problem seems to 
>> be that the tracking isn't working for traffic arriving on eth2 in 
>> DC-B.  When I run tcpdumps again, the traffic is getting as far as 
>> eth2 on DC-B but no further,
>
> What does that mean? Does it mean that running tcpdump on eth2 shows 
> the responses?
>
No, all I saw was the requests coming in on eth2 but no responses.  I 
only saw the requests on eth2 and no other interface on the router in DC-B.


Tom Eastep wrote:
> Aidan Anderson wrote:
>
>>
>> Each of the routers is running Gentoo Linux, Kernel 2.6.18, and 
>> Shorewall 3.2.8
>
> In Shorewall terms, version 3.2.8 is really stone-age. That is two 
> major releases behind the current version 4.0.13. 
I managed to upgrade it to 3.4.8 but hit problems due to the version of 
iptables being too old.  I hit further problems trying to get iptables 
upgraded and managed to totally mess up Linux on that machine.  It was 
quite an old build of Gentoo that hadn't been updated in a while so I'm 
not surprised with the problems I had with it.

I have managed to get round the problem in the meantime by tunnelling 
all traffic that arrives on the VPN device in DC-B to the VPN device in 
DC-A over the private link between the two data centres.  This 
effectively means that the client traffic always arrives on eth4 in DC-A 
so I don't need to worry about tracking it from 2 different sources.  
If I have a major outage in DC-A, I can just amend the routing on the 
router in DC-B to route all client bound traffic via eth4 on DC-B.

Once I get my test Gentoo Linux machine back up and running again 
(it may be a while), I will do some further testing on the later version 
of Shorewall to see if I can get the tracking working.

Thank you for your help.

regards,
Aidan


