On 9/8/2015 7:56 AM, Ob Noxious wrote: > On Mon, Sep 7, 2015 at 7:51 PM, Tom Eastep <[email protected] > <mailto:[email protected]>> wrote: > > > "interfaces" file: > > net eth0 nets=(!10.1.1.0/24 <http://10.1.1.0/24> > <http://10.1.1.0/24>),nosmurfs,rpfilter > > vdmz vbr nets=(10.1.1.0/24 <http://10.1.1.0/24> > <http://10.1.1.0/24>),nosmurfs,rpfilter > [...] > > Thanks for any clue on this matter. > > Have you looked at Shorewall FAQ 17? Looks like you don't have the > 'routeback' option on the vbr interface (although Shorewall should be > detecting that it is a bridge unless brctl isn't installed). > > > brctl if of course installed. I tried to add 'routeback' to the vbr line > in the "interfaces" file and restarted Shorewall but nothing improved. I > even stopped and restarted the PROXY LXC container but the result is > still the same. > > curl -I 'http://website.tld' or elinks 'http://website.tld' or nc > website.tld 80 all get out correctly and also produce 5 hits on the > logs. 5 because I have 5 other veth interfaces connected to the vbr > bridge, each corresponding to another LXC container.
Please forward the output of 'shorewall dump' collected as described at http://www.shorewall.org/support.htm#Guidelines. Thanks, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
