Re: [Shorewall-users] two ipsec tunnels but only one entry in table 220

Mon, 28 Oct 2013 12:24:14 -0700 

Am Montag, 28. Oktober 2013, 11:56:08 schrieb Tom Eastep:
> On 10/28/2013 10:07 AM, Axel Zöllich wrote:
> > With the following setup (two providers, two ipsec tunnels both of them
> > "INSTALLED" following ipsec status) I get only one entry in tabel 220:
> > 
> > providers:
> > tcom    1       0x100   -               ppp0            -
> > balance=2       -
> > netco   2       0x200   -               eth4            aaa.bbb.77.217
> > balance=1       -
> > 
> > tcrules:
> > 0x100:P 0.0.0.0/0
> > 0x100   $FW
> > 0x200   -               aaa.bbb.77.202
> > 
> > zones:
> > pktgh   ipsec           mode=tunnel     mss=1024
> > # Praxis G
> > jung    ipsec           mode=tunnel     mss=1024
> > # diagnostics
> > 
> > hosts:
> > pktgh   eth4:192.168.223.0/24,aaa.bbb.77.202    ipsec
> > jung    ppp0:192.168.1.0/24                     ipsec
> > 
> > root@router-pikt-1:~# ip route show table 220
> > 192.168.223.0/24 via aaa.bbb.77.217 dev eth4  proto static  src
> > 192.168.222.241
> > 
> > 192.168.223.71 is pingable.
> > A ping to 192.168.1.4 isn't successful.
> > 
> > Why there is missing an entry for 192.168.1.0/24 src 192.168.222.241 in
> > table 220?
> 
> There is no provider 220, so Shorewall is not maintaining that table.
But where the table is comming from?

> Where are you pinging from?
>From the router itself whith the following networkinterfaces:

auto eth0
iface eth0 inet static
        address 192.168.222.241
        netmask 255.255.255.0
        gateway 192.168.222.241
auto eth1
iface eth1 inet static
        address 192.168.122.189
        netmask 255.255.255.252
        up route add -host 172.18.1.1/32 gw 192.168.122.190
auto eth3
iface eth3 inet static
        address 192.168.122.97
        netmask 255.255.255.224
auto eth4
iface eth4 inet static
        address 212.117.77.218
        netmask 255.255.255.248
up ip addr add 212.117.77.222/29 brd 212.117.77.223 dev eth4 label eth4:0
auto dsl-provider
iface dsl-provider inet ppp
pre-up /sbin/ifconfig eth5 up # line maintained by pppoeconf
provider dsl-provider
auto eth5
iface eth5 inet manual
post-up /sbin/ip addr add 192.168.57.242/30 dev eth5


Axel

-- 
Wir verwenden ausschließlich blaue Elektronen aus biologischem Anbau.

------------------------------------------------------------------------------
Android is increasing in popularity, but the open development platform that
developers love is also attractive to malware creators. Download this white
paper to learn more about secure code signing practices that can help keep
Android apps secure.
http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to