On 11/13/2013 3:47 AM, Axel Zöllich wrote: >> It's not. Why don't you simply have this? >> >> ppp0 0.0.0.0/0 bbb.142.152.192 >> eth4 0.0.0.0/0 aaaa.117.77.218 >> >> That way, any packet leaving either interface will always have the >> proper source IP. > > I changed my configuration to: > > masq: > ppp0 0.0.0.0/0 bbb.152.162.192 > eth4 0.0.0.0/0 aaa.117.77.218 > > providers: > tcom 1 0x100 - ppp0 - > balance=2 - > netco 2 0x200 - eth4 aaa.117.77.217 > balance=1 - > > tcrules: > 0x100:P 0.0.0.0/0 > 0x100 $FW > 0x200:P - aaa.117.77.202 > 0x200 $FW aaa.117.77.202 > > > but there are packets with source IP bbb.152.162.192 and destination > aaa.117.77.202 leaving eth4.
You will need to purge the wrong conntrack entries before it will work
correctly.
Either reboot, or:
- Install the 'conntrack' utility.
- Then, either:
- Use that utility to delete the incorrect table entries; or
- 'shorewall restart -p'
'restart -p' will purge the entire table, which may result in
connections being broken.
>
> (by the way: is it packet or package?)
In the US, it is 'packet' -- in Europe, it is 'package' :-)
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ DreamFactory - Open Source REST & JSON Services for HTML5 & Native Apps OAuth, Users, Roles, SQL, NoSQL, BLOB Storage and External API Access Free app hosting. Or install the open source package on any LAMP server. Sign up and see examples for AngularJS, jQuery, Sencha Touch and Native! http://pubads.g.doubleclick.net/gampad/clk?id=63469471&iu=/4140/ostg.clktrk
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
