On 10/25/10 1:32 AM, N dhert wrote: > HI, > the output of ip route ls > 143.129.75.236/30 dev eth2 proto kernel > scope link src 143.129.75.238 metric 1 > 143.129.75.0/24 dev eth0 proto kernel scope > link src 143.129.75.175 metric 1 > 169.254.0.0/16 dev eth2 scope link metric 1000 > default via 143.129.75.254 dev eth0 proto static > > the output of shorewall dump is in attachment
/proc/sys/net/ipv4/ip_forward = 0 This is never going to work until you enable ipv4 forwarding (IP_FORWARDING=Yes in shorewall.conf). There are also these log messages: Oct 20 14:41:26 FORWARD:REJECT:IN=eth0 OUT=eth0 SRC=143.129.75.57 DST=143.169.254.100 LEN=74 TOS=0x00 PREC=0x00 TTL=254 ID=12911 PROTO=UDP SPT=63863 DPT=53 LEN=54 Hopefully, those were created when you still had a default gateway specified for eth2? > the output of /var/log/messages is also in an attachment The system is gratuitously adding this route: 169.254.0.0/16 dev eth2 scope link metric 1000 So broadcasts received from 169.254.0.0/16 on eth0 are considered martians. That is why you are seeing these messages. martian source 255.255.255.255 from 169.254.34.236, on dev eth0 Either delete the route or disable martian logging. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Nokia and AT&T present the 2010 Calling All Innovators-North America contest Create new apps & games for the Nokia N8 for consumers in U.S. and Canada $10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store http://p.sf.net/sfu/nokia-dev2dev
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
