I sent along with my first message the output of shorewall dump. The issue is that we have to transmit files via SFTP and it has to originate from a certain address. Otherwise, everything works as intended. People can browse the internet, port forwarding works, etc etc.
If that dump is no good I can make another.

Here is the output of 'ip addr show'

1: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:0a:5e:22:ec:fd brd ff:ff:ff:ff:ff:ff
    inet 70.61.215.98/24 brd 70.61.215.255 scope global eth0
    inet 70.61.215.99/29 brd 70.61.215.103 scope global eth0:0
    inet 70.61.215.100/29 brd 70.61.215.103 scope global secondary eth0:1
    inet 70.61.215.101/29 brd 70.61.215.103 scope global secondary eth0:2
    inet 70.61.215.102/29 brd 70.61.215.103 scope global secondary eth0:3
    inet6 fe80::20a:5eff:fe22:ecfd/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:0a:5e:22:ed:0e brd ff:ff:ff:ff:ff:ff
    inet 216.176.235.186/29 brd 216.176.235.191 scope global eth1
    inet 216.176.235.187/29 brd 216.176.235.191 scope global secondary eth1:0
    inet 216.176.235.188/29 brd 216.176.235.191 scope global secondary eth1:1
    inet 216.176.235.189/29 brd 216.176.235.191 scope global secondary eth1:2
    inet 216.176.235.190/29 brd 216.176.235.191 scope global secondary eth1:3
    inet6 fe80::20a:5eff:fe22:ed0e/64 scope link
       valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:02:b3:03:d9:f7 brd ff:ff:ff:ff:ff:ff
    inet 10.1.1.2/24 brd 10.1.1.255 scope global eth2
    inet6 fe80::202:b3ff:fe03:d9f7/64 scope link
       valid_lft forever preferred_lft forever
5: sit0: <NOARP> mtu 1480 qdisc noop
    link/sit 0.0.0.0 brd 0.0.0.0

And...
ip route show

70.61.215.96/29 dev eth0 proto kernel scope link src 70.61.215.99
216.176.235.184/29 dev eth1 proto kernel scope link src 216.176.235.186
10.1.1.0/24 dev eth2 proto kernel scope link src 10.1.1.2
70.61.215.0/24 dev eth0 proto kernel scope link src 70.61.215.98
default
    nexthop via 216.176.235.185 dev eth1 weight 1
    nexthop via 70.61.215.97 dev eth0 weight 1
default via 216.176.235.185 dev eth1

Shorewall Guy wrote:
> Mark Rutherford wrote:
>
>> Ok, well the thing about the top 2 lines was inaccurate.
>> It does work regardless of those.
>>
>> However, it still matters not what I put in there.
>> If I take those out and leave
>>
>> 1:P 0.0.0.0/0
>> 1 $FW
>>
>> In tcrules it changes nothing, breaks nothing.
>> still routes everything over isp 2
>>
>
> There is a FAQ about that...
>
> If the FAQ doesn't help then we're going to have to get a real problem
> report from you and not a couple of lines out of one configuration file.
> Please see http://www.shorewall.net/support.htm#Guidelines
>
>
> ------------------------------------------------------------------------------
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users