On 11/23/2013 8:50 AM, Axel Zöllich wrote:
> On Friday, 22 November 2013, 16:27:00, Tom Eastep wrote:
>> On 11/22/2013 1:21 PM, Axel Zöllich wrote:
>>> On Friday, 22 November 2013, 12:58:11, Tom Eastep wrote:
>>>> On 11/22/2013 12:50 PM, Axel Zöllich wrote:
>>>>>>> Conntrack Table (1512 out of 65536)
>>>>>>> [...]
>>>>>>> udp 17 22 src=212.117.77.218 dst=62.155.185.165 sport=1300
>>>>>>> dport=1300
>>>>>>> [UNREPLIED] src=62.155.185.165 dst=80.152.162.192 sport=1300
>>>>>>> dport=1024
>>>>>>> mark=0 use=2
>>>>>>> udp 17 172 src=62.155.185.165 dst=80.152.162.192 sport=1300
>>>>>>> dport=1300
>>>>>>> src=80.152.162.192 dst=62.155.185.165 sport=1300 dport=1300 [ASSURED]
>>>>>>> mark=256 use=2
>>>>>>> [...]
>>>>>>>
>>>>>>>
>>>>>>> How can I get rid of the additional entry when the openvpn tunnel is
>>>>>>> renewed?
>>>>>>
>>>>>> Use the 'conntrack' utility.
>>>>>
>>>>> I did, but this is not what I want.
>>>>> Or is actively removing of the entries the only way to reestablish a
>>>>> tunnel
>>>>> when connection tracking is enabled?
>>>>
>>>> I have no idea why you are seeing that problem. Anyone else seen it?
>>>
>>> Maybe there is a correlation with my two ISPs setup?
>>>
>>> I didn't investigate further yet, but I've got martians
>>>
>>>> martian source 212.117.77.218 from 217.92.133.162, on dev ppp0
>>>
>>> where 212... is the IP of eth4.
>>
>> Are ppp0 and eth4 your provider links?
> Yes. Both with fixed IPs.
>
> providers:
> tcom 1 0x100 - ppp0 -
> balance=2 -
> netco 2 0x200 - eth4 212.117.77.217
> balance=1 -
>
> tcrules:
> #everything via tcom:
> 0x100:P 0.0.0.0/0
> 0x100 $FW
> #Mebidia via netco
> 0x200:P - 212.117.77.202
> 0x200 $FW 212.117.77.202
> 0x200:P - 212.117.77.203
> 0x200 $FW 212.117.77.203

What do you have in masq?

>
>> Also, is your OpenVPN setup Point-to-Point or client/server?
> Client/Server and the shorewall Box acts as server.

Please send me the output of 'shorewall dump'.

Thanks,
-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
