[EMAIL PROTECTED] wrote: > Dear all, > > If I do cause offence by posting OT here I apologise in advance, I am > however desperate for help and after posting on other forums without any > ideas I know many networking experts will see this here and hope they > can enlighten me. I will gladly donate some PayPal money to the person > who can help. > > I have a leased line on 83.111.160.6 (/30 subnet, gw is 83.111.160.5), > and they route an additional block 83.111.196.56/29 (83.111.196.57 to > 83.111.196.62 useable) over the link. > > I have a Debian box, and the routed block IP?s are setup as aliases. I > have setup the box to accept ssh and ping for each IP alias. > > /etc/network/interfaces auto eth3 > iface eth3 inet static > address 83.111.160.6 > netmask 255.255.255.252 > up ip addr add 83.111.196.57/29 brd 83.111.196.63 dev eth3 label eth3:0 > up ip addr add 83.111.196.58/29 brd 83.111.196.63 dev eth3 label eth3:1 > up ip addr add 83.111.196.59/29 brd 83.111.196.63 dev eth3 label eth3:2 > up ip addr add 83.111.196.60/29 brd 83.111.196.63 dev eth3 label eth3:3 > up ip addr add 83.111.196.61/29 brd 83.111.196.63 dev eth3 label eth3:4 > up ip addr add 83.111.196.62/29 brd 83.111.196.63 dev eth3 label eth3:5 > > And here is a snippet from the Shorewall rules config: > > Ping/ACCEPT net $FW > Ping/ACCEPT net $FW:83.111.196.57 > Ping/ACCEPT net $FW:83.111.196.58 > Ping/ACCEPT net $FW:83.111.196.59 > Ping/ACCEPT net $FW:83.111.196.60 > Ping/ACCEPT net $FW:83.111.196.61 > Ping/ACCEPT net $FW:83.111.196.62 > > I can ping 83.111.160.6 fine everywhere from any host on the internet, > but I can?t ping all of the routed IP addresses from external hosts. > Some IPs work and some don?t. With Shorewall set to reject icmp and ssh, > some of the connection attempts to IPs that work are listed as being > dropped, but traffic doesn?t even seem to hit the others at all and no > entries are made. This is a multi-ISP configuration with two providers, > however I am 99.999% sure this isn't a Shorewall issue at all for > reasons I will explain below. <snip>
> Sending from Stripe using interface 85.234.115.64, my IPs 83.111.196.60 > and 83.111.196.61 are ok, but .59 and .62 fail. Strangely, sending from > Stripe using interface 85.234.115.115 the opposite is true, .59 and .62 > are ok but .60 and .61 fail! My other servers fail connecting to .59 and > .62. > > I would greatly appreciate any pointers on this issue, I have already > contacted my ISP and they fail to believe that something is wrong. It > would be most appreciated if others could let me know if they can > contact the above IP addresses. I will gladly donate some money via > PayPal to get this resolved ASAP. > > Kind regards, > > Chris > Quoting Tom " For connection problems, we need the output of 'shorewall dump' collected as described at: http://www.shorewall.net/support.htm#Guidelines"; You have an interesting problem, but from where I am without the dump, I have no clue on your setup. FWIW, 58, 59, 62 work from here while 60, 61 fail to respond to ping. Jerry ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
