Hi list,

Is it true that Shorewall is not willing to forward traffic from a source IP
which is not reachable by a static route from Shorewall itself? To put it
another way: if Shorewall's routing interface is neither connected to nor able
to reach that source IP, does it forward or deny it?

So the situation is the following. I send from an IP which is not part of the
interface nor the hosts file. But Shorewall should forward that packet as well,
matching the default route, without knowing a way back to the source IP.

All I see is a packet arriving on the local interface, but I don't see it
leave the external one, nor do I see any drop or reject by Shorewall. If I tell
Shorewall the route to the source IP it works fine, but I don't want this
route to be configured, and I want to know if this is maybe a Shorewall
feature which can be turned off? And if it is a Shorewall feature, does
anybody know if there is an article to read about it?

The same feature is available on Cisco; there it is called
ip-verify-unicast-source-reachable.


Thanks
Mike


_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
