On 10/28/2013 10:07 AM, Axel Zöllich wrote: > With the following setup (two providers, two ipsec tunnels both of them > "INSTALLED" following ipsec status) I get only one entry in tabel 220: > > providers: > tcom 1 0x100 - ppp0 - > balance=2 - > netco 2 0x200 - eth4 aaa.bbb.77.217 > balance=1 - > > tcrules: > 0x100:P 0.0.0.0/0 > 0x100 $FW > 0x200 - aaa.bbb.77.202 > > zones: > pktgh ipsec mode=tunnel mss=1024 > > # Praxis G > jung ipsec mode=tunnel mss=1024 > > # diagnostics > > hosts: > pktgh eth4:192.168.223.0/24,aaa.bbb.77.202 ipsec > jung ppp0:192.168.1.0/24 ipsec > > root@router-pikt-1:~# ip route show table 220 > 192.168.223.0/24 via aaa.bbb.77.217 dev eth4 proto static src > 192.168.222.241 > > 192.168.223.71 is pingable. > A ping to 192.168.1.4 isn't successful. > > Why there is missing an entry for 192.168.1.0/24 src 192.168.222.241 in table > 220?
There is no provider 220, so Shorewall is not maintaining that table. Where are you pinging from? -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60135991&iu=/4140/ostg.clktrk
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
