> Are you seeing lots of 'Martian' messages in /var/log/kern.log when you don't have the route you mention? I'm guessing so, since you are (or your distro is) setting reverse path filtering on all interfaces. The response packets from 10.x.x.x are likely being dropped as martians.

interfaces:

    net  eth0 detect tcpflags,nosmurfs,routefilter,logmartians,routeback
    apn  eth1 detect tcpflags,nosmurfs,routefilter,logmartians,routeback
    itrn eth2 detect tcpflags,nosmurfs,routefilter,logmartians,routeback

providers:

    #NAME NUMBER MARK DUPLICATE INTERFACE          GATEWAY       OPTIONS     COPY
    ll    1      0x1  -         eth1:192.168.254.5 192.168.254.1 track,loose -
    sg    2      0x2  -         eth1:192.168.254.5 192.168.254.3 track,loose -
    act   3      0x3  -         eth1:192.168.254.5 192.168.254.4 track,loose -

FROM http://shorewall.net/manpages/shorewall-interfaces.html

    Note

    There are certain cases where routefilter cannot be used on an interface:

    - If USE_DEFAULT_RT=Yes in shorewall.conf(5) and the interface is listed in shorewall-providers(5).
    - If there is an entry for the interface in shorewall-providers(5) that doesn't specify the balance option.

I have routefilter on in the interfaces file but according to the note I cannot use it.

Regards
Jan
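
As an added example that is not part of the original message, the Python sketch below applies the two cases from the quoted shorewall-interfaces(5) note to the interfaces and providers entries posted above. The function names and the four-column interfaces layout (ZONE INTERFACE BROADCAST OPTIONS) are assumptions taken from the lines shown in the message.

```python
# Added example: flag interfaces whose routefilter option conflicts with the
# two cases in the shorewall-interfaces(5) note quoted in the message.

# Constructed sample input, copied from the configuration in the message.
INTERFACES = """\
net  eth0 detect tcpflags,nosmurfs,routefilter,logmartians,routeback
apn  eth1 detect tcpflags,nosmurfs,routefilter,logmartians,routeback
itrn eth2 detect tcpflags,nosmurfs,routefilter,logmartians,routeback
"""
PROVIDERS = """\
#NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY
ll  1 0x1 - eth1:192.168.254.5 192.168.254.1 track,loose -
sg  2 0x2 - eth1:192.168.254.5 192.168.254.3 track,loose -
act 3 0x3 - eth1:192.168.254.5 192.168.254.4 track,loose -
"""

def rows(text):
    """Yield whitespace-split columns, skipping blank lines and # comments."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line.split()

def options(field):
    """Turn 'a,b=1' into {'a': None, 'b': '1'}; '-' means no options."""
    if field == "-":
        return {}
    return dict((o.split("=", 1) + [None])[:2] for o in field.split(","))

def routefilter_conflicts(interfaces, providers, use_default_rt=False):
    """Return {interface: [reasons]} for the two cases in the manpage note."""
    filtered = set()
    for cols in rows(interfaces):          # ZONE INTERFACE BROADCAST OPTIONS
        opts = options(cols[3]) if len(cols) > 3 else {}
        if "routefilter" in opts and opts["routefilter"] != "0":
            filtered.add(cols[1])
    found = {}
    for cols in rows(providers):           # INTERFACE is column 5, OPTIONS 7
        iface = cols[4].split(":", 1)[0]   # drop the ':address' suffix
        if iface not in filtered:
            continue
        opts = options(cols[6]) if len(cols) > 6 else {}
        if use_default_rt:                 # case 1: USE_DEFAULT_RT=Yes
            found.setdefault(iface, []).append(f"{cols[0]}: USE_DEFAULT_RT=Yes")
        if "balance" not in opts:          # case 2: provider lacks balance
            found.setdefault(iface, []).append(f"{cols[0]}: no balance option")
    return found

if __name__ == "__main__":
    for iface, why in routefilter_conflicts(INTERFACES, PROVIDERS).items():
        print(iface, "has routefilter but:", "; ".join(why))
```

Pass `use_default_rt=True` when shorewall.conf sets USE_DEFAULT_RT=Yes; the script does not read that file itself.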
