Tom,
  When I disable the following from rtrules:

        eth0                    -                       CABLE           1000

everything works as expected.  But when I enable (uncomment), none of the DNATs 
work.  I have this commented out for now but I must be missing something in the 
docs.  I did get the conntrack utility installed but I need a little guidance 
on usage.

Vernon


-----Original Message-----
From: Tom Eastep [mailto:[email protected]] 
Sent: Thursday, April 18, 2013 5:25 PM
To: [email protected]
Subject: Re: [Shorewall-users] multi-isp

On 04/18/2013 02:18 PM, Vernon Fort wrote:
> I had this working and updated the kernel and shorewall to the latest 
> version.  The DNATS no longer work - specifically ActiveSync.  
> Attached is a shorewall dump.

This is very strange:

tcp      6 271447 ESTABLISHED src=192.168.1.12 dst=70.199.129.66
sport=443 dport=10653 [UNREPLIED] src=70.199.129.66 dst=63.168.72.10
sport=10653 dport=443 mark=0 secctx=null use=2

It looks as though the conntrack entries are being built backwards with the 
reply as the original direction. I have no idea what's causing that, but if you 
install the 'conntrack' utility, we might learn more.

Thanks
-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
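
An added example, not part of the original thread and not Shorewall code: a small Python parser for the conntrack entry quoted above that flags entries whose original direction looks like a server reply. The function names, the service port set (443, taken from the quoted entry) and the contrasting `EXPECTED` entry are assumptions made for illustration.

```python
import ipaddress
import re

# Entry quoted in the message above, joined back onto one line.
SAMPLE = ("tcp      6 271447 ESTABLISHED src=192.168.1.12 dst=70.199.129.66 "
          "sport=443 dport=10653 [UNREPLIED] src=70.199.129.66 dst=63.168.72.10 "
          "sport=10653 dport=443 mark=0 secctx=null use=2")

# Constructed for contrast: the shape a client-initiated DNAT entry would have.
EXPECTED = ("tcp      6 431999 ESTABLISHED src=70.199.129.66 dst=63.168.72.10 "
            "sport=10653 dport=443 src=192.168.1.12 dst=70.199.129.66 "
            "sport=443 dport=10653 [ASSURED] mark=1 use=1")

TUPLE_KEYS = ("src", "dst", "sport", "dport")

def parse_entry(line):
    """Split one conntrack line into original tuple, reply tuple, flags, meta."""
    tuples, meta, idx = [{}, {}], {}, 0
    for key, value in re.findall(r"(\w+)=(\S+)", line):
        if key in TUPLE_KEYS:
            if key in tuples[idx]:      # key seen again: reply tuple begins
                idx += 1
            tuples[idx][key] = value
        else:
            meta[key] = value
    return {"original": tuples[0], "reply": tuples[1],
            "flags": re.findall(r"\[(\w+)\]", line), "meta": meta}

def nat_rewritten(entry):
    """True when the reply tuple is not the plain mirror of the original."""
    o, r = entry["original"], entry["reply"]
    return o["src"] != r["dst"] or o["dst"] != r["src"]

def looks_reversed(entry, service_ports=(443,)):
    """Heuristic: the 'original' packet left an internal host from a service
    port toward a non-service port and was never answered, which is what a
    server's reply looks like when conntrack treats it as a new flow."""
    o = entry["original"]
    return (ipaddress.ip_address(o["src"]).is_private
            and int(o["sport"]) in service_ports
            and int(o["dport"]) not in service_ports
            and "UNREPLIED" in entry["flags"])

if __name__ == "__main__":
    for name, line in (("quoted", SAMPLE), ("constructed", EXPECTED)):
        e = parse_entry(line)
        print(name, e["original"], "reversed:", looks_reversed(e),
              "nat:", nat_rewritten(e), "mark:", e["meta"].get("mark"))
```
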


