On Apr 23, 2011, at 2:36 PM, James wrote: > Hey there... Attached is a shorewall dump, removed a few useless things. > If there is too much going on, let me know and I can add more details. > Hope this is okay, >> >> NET_IF:1 192.168.123.253 203.0.113.253 >> NET_IF:2 192.168.123.254 203.0.113.254 >> >> Note the :1 and :2 correspond to the legacy labels that VRRP sets.
I don't see anything in the dump that looks like those rules. But when you add
them, I hope you put them *before* the second rule below.
Chain NET_IF_masq (1 references)
pkts bytes target prot opt in out source destination
0 0 SNAT all -- * * 172.16.1.0/24 0.0.0.0/0
to:203.0.113.253
10 620 SNAT all -- * * 192.168.123.0/24 0.0.0.0/0
to:203.0.113.253
Please configure the rules that you are trying to make work, try the ping that
fails, *then* take the dump (assuming that the ping still fails).
Thanks,
-Tom
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
PGP.sig
Description: This is a digitally signed message part
------------------------------------------------------------------------------ Fulfilling the Lean Software Promise Lean software platforms are now widely adopted and the benefits have been demonstrated beyond question. Learn why your peers are replacing JEE containers with lightweight application servers - and what you can gain from the move. http://p.sf.net/sfu/vmware-sfemails
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
