On 8/7/10 7:48 AM, Tom Eastep wrote: > On 8/6/10 11:24 PM, Michael McCallister wrote: > >> >> I confirmed this rule load correctly and you can see it via "shorewall >> show nat" >> >> 26 1560 DNAT tcp -- * * 0.0.0.0/0 >> xxx.xxx.xxx.xxx tcp dpt:43 to:192.168.1.6:4343-4344 >> >> The problem however is that I am not seeing it "cause connections to be >> assigned to ports in the range in round-robin fashion", but rather it >> always sends the request to 192.168.1.6:4343. 192.168.1.6:4344 never >> sees any activity/requests. >> >> Any help/direction is appreciated, > > Given that Shorewall is generating the correct iptables rule, there > isn't anything that we can do to change the behavior. > > You might try adding the :random option to see if that improves things.
It appears that RedHat's 3-4 year old kit doesn't support the :random option (or at least the open source derivatives of REL5 don't seem to). -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ This SF.net email is sponsored by Make an app they can't live without Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM-dev2dev
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
