Hi list,

One of my clients is part of the same subnet as the local Shorewall interface. If this client wants to go to the internet, it is masqueraded by a masq entry and routed out of the egress interface. Besides the physical IP on the client there is a loopback with a public IP which is not known by Shorewall. Now I want this packet, this time with the source IP of the loopback interface, to go out the same egress interface.
If I tcpdump on the Shorewall local interface I see the packet with the correct source and destination. If I tcpdump on the egress interface I see nothing. In addition, nothing is dropped or rejected according to the log file. This normally happens if someone forgot to add a masq entry. The client source IP must be the same as the source IP once the packet leaves the firewall on the egress interface. I tried something like this in masq: `egress-if public-ip public-ip`, but it looks very confusing and of course it doesn't work.

So my question is: how can I route a packet, originated in a NATted zone, with a different source IP than Shorewall expects, without changing its source IP once the packet leaves the firewall on the egress interface?

So if someone asks himself what the hell I am doing here --> it's about load balancing and DIRECT SERVER RETURN.

Any idea? Thanks for listening.

Cheers
Mike

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
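The following is an added example, not text from the poster and not the Shorewall project's own documentation. It shows one way to express the exclusion the post asks about in Shorewall's masq file, together with the reverse-path-filter caveat that matches the symptom of a packet visible on the inside interface, absent on the egress interface, and never logged. The interface names (eth0 egress, eth1 local), the LAN 192.168.1.0/24 and the loopback service address 203.0.113.10 are assumed, and the `interface!address` exclusion syntax is assumed to be that of Shorewall 4.x.

```conf
# /etc/shorewall/masq  (added example; addresses and interface names are assumed)
# Masquerade everything that arrives on the local interface eth1 and leaves via
# eth0, EXCEPT packets that already carry the DSR service address as their
# source. The '!' exclusion is Shorewall's masq SOURCE exclusion syntax; the
# exclusion list may also be written after an address, e.g. 192.168.1.0/24!...
#INTERFACE   SOURCE                   ADDRESS
eth0         eth1!203.0.113.10

# /etc/shorewall/interfaces  (same assumptions)
# Do NOT set the 'routefilter' option on the local interface. With kernel
# reverse-path filtering active, a packet from 203.0.113.10 arriving on eth1 is
# discarded during route lookup (the kernel expects that address via eth0),
# which is before the FORWARD chain, so no Shorewall DROP/REJECT rule can log
# it. Also make sure ROUTE_FILTER=No in /etc/shorewall/shorewall.conf, since
# that setting enables rp_filter on all interfaces regardless of this file.
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect      tcpflags,nosmurfs
loc     eth1        detect      tcpflags,nosmurfs
```

To confirm the filter is the cause before touching the masq file, compare `sysctl net.ipv4.conf.eth1.rp_filter` (and `net.ipv4.conf.all.rp_filter`) with the tcpdump observation: a value of 1 on either key is enough to drop the packet silently unless `log_martians` is also on, in which case the kernel logs a "martian source" line rather than Shorewall logging anything. If the exclusion is really needed, `shorewall show nat` afterwards should list the POSTROUTING rule with a `! 203.0.113.10` source match.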
