On 5/26/10 12:50 AM, Dave Kempe wrote:
>
> Error in the logs:
> May 26 11:55:10 fluffy kernel: [3790273.435404]
> Shorewall:FORWARD:REJECT:IN=venet0 OUT=venet0 SRC=xxx.xxx.11.119
> DST=xxx.xxx.11.152 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=6459 DF PROTO=TCP
> SPT=58720 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
>
> policy:
> all all REJECT info
>
> rules:
> # SSH is allowed everywhere
> ACCEPT all all tcp 22
>
> ACCEPT vz vz tcp 22
>
> (that last line was from desperation)
> interfaces:
> lan br0 detect
> lan eth0 detect
> vz venet0 detect
> stor bond0 detect
>
> Anyone see why I am getting an error forwarding between containers? If I
> change the policy to all all ACCEPT, it works fine. If I change it to
> reject, I get this error. But why doesn't the rule allow it at all?

This issue is addressed by both Shorewall FAQ 17. The main thing you are
missing is the 'routeback' option on the bridge in
/etc/shorewall/interfaces. This is a requirement for any bridge to work
properly.

Note that the most recent Shorewall release will attempt to autodetect
bridges and set the 'routeback' option automatically.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
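
A way to spot this condition from the logs, as an added example that is not part of the original thread or of Shorewall itself: the script pairs Shorewall log entries whose IN and OUT interface are the same with the options column of the interfaces file and reports interfaces that lack 'routeback'. The sample log lines and addresses are constructed, and the four-column layout (ZONE INTERFACE BROADCAST OPTIONS) is assumed for the interfaces file.

```python
import re

# Constructed sample input, modelled on the log entry and interfaces file quoted above.
LOG = """\
May 26 11:55:10 fluffy kernel: [3790273.435404] Shorewall:FORWARD:REJECT:IN=venet0 OUT=venet0 SRC=192.0.2.119 DST=192.0.2.152 LEN=60 PROTO=TCP SPT=58720 DPT=22 SYN
May 26 11:55:12 fluffy kernel: [3790275.100000] Shorewall:FORWARD:REJECT:IN=eth0 OUT=bond0 SRC=192.0.2.7 DST=198.51.100.9 LEN=60 PROTO=TCP SPT=40000 DPT=445 SYN
"""
INTERFACES = """\
#ZONE INTERFACE BROADCAST OPTIONS
lan   br0       detect
lan   eth0      detect
vz    venet0    detect
stor  bond0     detect
"""

# Shorewall log prefix is Shorewall:<chain>:<disposition>: followed by IN= and OUT=.
LOG_RE = re.compile(
    r"Shorewall:(?P<chain>[^:]+):(?P<disp>[^:]+):IN=(?P<inif>\S*) OUT=(?P<outif>\S*)"
)

def parse_interfaces(text):
    """Map interface name -> (zone, set of options) from an interfaces file."""
    result = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split columns
        if len(fields) < 2:
            continue
        opts = set(fields[3].split(",")) if len(fields) > 3 else set()
        result[fields[1]] = (fields[0], opts)
    return result

def missing_routeback(log_text, interfaces_text):
    """Return sorted (interface, zone, disposition) for logged packets that
    entered and left on the same interface while it has no plain 'routeback'."""
    ifaces = parse_interfaces(interfaces_text)
    findings = set()
    for m in LOG_RE.finditer(log_text):
        inif, outif = m["inif"], m["outif"]
        if inif and inif == outif:               # same interface in and out
            zone, opts = ifaces.get(inif, (None, set()))
            if "routeback" not in opts:
                findings.add((inif, zone, m["disp"]))
    return sorted(findings)

if __name__ == "__main__":
    for iface, zone, disp in missing_routeback(LOG, INTERFACES):
        print(f"{iface} (zone {zone}): {disp} on same-interface traffic, no routeback")
```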
