Hi Laura
I had the same problem a while ago. I had a UDP OpenVPN server on my
firewall, and 3 routes to the server. No matter which incoming route you
used, it only ever replied on the default route.
The only ways to fix this are either switching to TCP, or moving your
OpenVPN to a host behind the firewall and DNAT'ing your OpenVPN traffic to that
host.
ciao
Charl
(\_/) This is Bunny. Copy and paste Bunny
(='.'=) into your signature to help him gain
(")_(") world domination.
2009/6/1 Laura Bartolomé <[email protected]>
> Hi there
>
> I have problems too with a MultiISP configuration + Ubuntu. Well, maybe
> CONNMARK is not compiled into the kernel but is loaded as a module, I
> checked that...
>
> My output of "shorewall show capabilities | grep -i CONNMARK" is:
>
> CONNMARK Target: Available
> Extended CONNMARK Target: Available
> Connmark Match: Available
> Extended Connmark Match: Available
>
> So, it's correct, but my problems are going on... I have problems only with
> openvpn traffic (udp) and I created a tcrules file with the following to try to
> redirect this traffic to one of my ISPs but it isn't working properly...
>
> 2 $FW 0.0.0.0/0 udp - 1194
>
> Any ideas? Should I recompile the kernel to solve it?
>
> Thank you
>
> Laura
>
>
> -----Original Message-----
> From: Brian J. Murrell [mailto:[email protected]]
> Sent: Friday, May 29, 2009 15:35
> To: Shorewall Users
> Subject: Re: [Shorewall-users] CONNMARK target and connmark match support
> in Ubuntu kernel
>
> On Fri, 2009-05-29 at 06:27 -0700, Tom Eastep wrote:
> >
> > Assuming that Shorewall is started on the system, as root do the
> > following:
> >
> > r...@ursa:~# shorewall show capabilities | grep -i CONNMARK
> > CONNMARK Target: Available
> > Extended CONNMARK Target: Available
> > Connmark Match: Available
> > Extended Connmark Match: Available
> > r...@ursa:~#
> >
> > If the first and third lines of output are other than the above, then your
> > kernel and/or iptables are missing the required support.
>
> And may just need (a) module(s) to be loaded. I think they are
> nf_conntrack_ipv4 and nf_conntrack on Ubuntu Intrepid.
>
> b.
>
>
>
>
> ------------------------------------------------------------------------------
> Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT
> is a gathering of tech-side developers & brand creativity professionals.
> Meet
> the minds behind Google Creative Lab, Visual Complexity, Processing, &
> iPhoneDevCamp as they present alongside digital heavyweights like Barbarian
> Group, R/GA, & Big Spaceship. http://p.sf.net/sfu/creativitycat-com
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
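
The capability check Tom Eastep describes in the quoted message, scripted as an added example that is not part of the original thread or of Shorewall itself. The function names, the sample text and the "Not available" wording for a missing capability are assumptions; the capability names are matched exactly so that "Extended CONNMARK Target" is never mistaken for "CONNMARK Target".

```shell
#!/bin/sh
# Added example (not from the thread): verify the two capabilities the
# thread calls required, i.e. lines one and three of the grep output.
# Intended use, as root:  shorewall show capabilities | check_connmark

# cap_status NAME: read capabilities text on stdin and print the status of
# the capability whose name equals NAME exactly (prints nothing if absent).
cap_status() {
    awk -F': *' -v want="$1" '
        { name = $1; sub(/^[ \t]+/, "", name) }
        name == want { sub(/[ \t\r]+$/, "", $2); print $2; exit }
    '
}

# check_connmark: read capabilities text on stdin; return 0 only when both
# "CONNMARK Target" and "Connmark Match" are reported as Available.
check_connmark() {
    caps=$(cat)
    missing=0
    for name in "CONNMARK Target" "Connmark Match"; do
        status=$(printf '%s\n' "$caps" | cap_status "$name")
        if [ "$status" != "Available" ]; then
            echo "missing: $name (${status:-not listed})" >&2
            missing=1
        fi
    done
    return "$missing"
}

# Constructed sample inputs (not captured from a real system).
SAMPLE_OK='CONNMARK Target: Available
Extended CONNMARK Target: Available
Connmark Match: Available
Extended Connmark Match: Available'

SAMPLE_NO_MATCH='   CONNMARK Target: Available
   Extended CONNMARK Target: Available
   Connmark Match: Not available
   Extended Connmark Match: Not available'
```

A non-zero exit means the kernel and/or iptables lack the support, or, as Brian notes in the thread, the relevant modules may simply not be loaded yet.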