works like a charm.
thank you very much.

regards
julian

On 23/05/2013 22:38, Tom Eastep wrote:
> On 05/23/2013 12:54 PM, [email protected] wrote:
>> hello,
>>
>> i have a setup which worked without a problem on debian squeeze
>> (shorewall 4.4.11.6-3) and now doesn't work any more on debian wheezy
>> (shorewall 4.5.5.3-3).
>>
>> the setup includes 2 bridges br0 which bridges to eth0 and br1 which
>> bridges all virtual machines in a virtual lan.
>>
>>> brctl show
>>
>> bridge name     bridge id               STP enabled     interfaces
>> br0             8000.001517ee821c       no              eth0
>> br1             8000.fe54365c6402       no              vnet0
>>                                                         vnet1
>>                                                         vnet2
>>
>> if i try to ping/connect the lan machines i get drops.
>>
>> Shorewall:FORWARD:DROP:IN=br1 OUT=br1 PHYSIN=vnet0 PHYSOUT=vnet2
>> MAC=52:54:36:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=10.12.10.5
>> DST=10.12.10.2 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP
>> TYPE=8 CODE=0 ID=2686 SEQ=187
>>
>>
>> /etc/shorewall/policy
>> .....
>> lan $FW ACCEPT info
>> lan net ACCEPT info
>> lan lan ACCEPT info
>> ....
>>
>>
>> /etc/shorewall/shorewall.conf
>> ....
>> #this is set to Keep on squeeze and it is working
>> IP_FORWARDING=Yes
>> ....
>>
>> /etc/sysctl.conf
>> ....
>> net.ipv4.ip_forward=1
>> ....
>>
>>
>> it's quite strange because, as i said before, the same setup works for
>> me on squeeze (i am deploying with puppet).
>>
>> if i disable filtering the vmachines can ping each other.
>> /etc/sysctl.conf
>> ....
>> net.bridge.bridge-nf-call-ip6tables = 0
>> net.bridge.bridge-nf-call-iptables = 0
>> net.bridge.bridge-nf-call-arptables = 0
>> ....
>>
>> any ideas?
>
> Add the 'routeback' option for br1 in /etc/shorewall/interfaces.
>
> -Tom

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
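
The symptom in this thread is a FORWARD drop whose IN and OUT interface are both br1, which is the traffic the 'routeback' option permits. The following is an added example, not part of the original messages or of Shorewall itself: a small log triage script that finds such same-interface drops. The sample log lines, the function names and the IN == OUT heuristic are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample: line 1 follows the drop quoted in the thread (fields
# trimmed); line 2 is a constructed routed drop (br0 -> br1) for contrast.
SAMPLE_LOG = """\
Shorewall:FORWARD:DROP:IN=br1 OUT=br1 PHYSIN=vnet0 PHYSOUT=vnet2 SRC=10.12.10.5 DST=10.12.10.2 LEN=84 PROTO=ICMP TYPE=8 CODE=0
Shorewall:FORWARD:DROP:IN=br0 OUT=br1 SRC=192.0.2.7 DST=10.12.10.2 LEN=60 PROTO=TCP SPT=40000 DPT=22
"""

PREFIX = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<action>[A-Z]+):")
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value pairs; the value may be empty


def parse(line):
    """Return the log fields of a Shorewall log line as a dict, or None."""
    m = PREFIX.search(line)
    if not m:
        return None
    fields = dict(FIELD.findall(line[m.end():]))
    fields.update(m.groupdict())  # adds lowercase 'chain' and 'action'
    return fields


def hairpin_drops(log_text):
    """Count dropped packets that entered and left through the same interface."""
    hits = Counter()
    for line in log_text.splitlines():
        f = parse(line)
        if not f or f["action"] not in ("DROP", "REJECT"):
            continue
        # An empty OUT= (traffic to the firewall itself) never matches here.
        if f.get("IN") and f.get("IN") == f.get("OUT"):
            # PHYSIN/PHYSOUT only appear for frames crossing a bridge.
            key = (f["IN"], f.get("PHYSIN", "-"), f.get("PHYSOUT", "-"))
            hits[key] += 1
    return hits


if __name__ == "__main__":
    for (iface, pin, pout), n in hairpin_drops(SAMPLE_LOG).items():
        print(f"{n} drop(s) on {iface} ({pin} -> {pout}): check that "
              f"{iface} has 'routeback' in /etc/shorewall/interfaces")
```
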
