Norman Henderson <[email protected]> wrote:

> MAIN SYMPTOM: Another box 10.0.69.20 on the same VLAN vlan1 sends a
> Ping to the firewall as 10.0.69.1. The ping reply is generated
> however, it is sent back to 10.0.69.20 on vlan3 instead of vlan1 and,
> of course, does not arrive.

OK, looking in the dump I can see what is making it do it.

> Routing Rules
>
> 0: from all lookup local
> 900: from 10.0.69.2 fwmark 0x19 lookup cem09
> 948: from all to 10.1.0.0/23 lookup main
> 949: from all to 10.1.8.0/21 lookup main
> 950: from all to 10.20.0.0/30 lookup main
> 952: from all to 192.168.2.0/24 lookup main
> 954: from all to 192.168.4.0/24 lookup main
> 955: from all to 192.168.5.0/24 lookup main
> 956: from all to 192.168.6.0/24 lookup main
> 957: from all to 192.168.7.0/24 lookup main
> 1000: from 10.0.69.0/26 lookup cem05
> 32766: from all lookup main
> 32767: from all lookup default
>
> Table cem05:
>
> default via 10.1.10.35 dev vlan3 metric 10

So there is a routing rule that says traffic *from* 10.0.69.0/26 should use the cem05 routing table, table cem05 says to route that traffic via vlan3. So there's half the problem.

The next question is where that's coming from? Does "cem05" appear anywhere in any of the config files - providers or rtrules would be my first guess?

------------------------------------------------------------------------------
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
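
The lookup described in the reply above, as an added example that is not part of the original message: a small Python model that walks the quoted routing rules in priority order and reports which rule, table and interface a packet ends up with. The contents of the `local` and `main` tables are assumptions (the quoted dump shows only cem05), and the function names are hypothetical.

```python
import ipaddress
import re

# Routing rules exactly as quoted in the message above.
RULES = """\
0: from all lookup local
900: from 10.0.69.2 fwmark 0x19 lookup cem09
948: from all to 10.1.0.0/23 lookup main
949: from all to 10.1.8.0/21 lookup main
950: from all to 10.20.0.0/30 lookup main
952: from all to 192.168.2.0/24 lookup main
954: from all to 192.168.4.0/24 lookup main
955: from all to 192.168.5.0/24 lookup main
956: from all to 192.168.6.0/24 lookup main
957: from all to 192.168.7.0/24 lookup main
1000: from 10.0.69.0/26 lookup cem05
32766: from all lookup main
32767: from all lookup default
"""

TABLES = {
    "local": [("10.0.69.1/32", "lo")],       # assumed: the firewall's own address
    "cem05": [("0.0.0.0/0", "vlan3")],       # quoted: default via 10.1.10.35 dev vlan3
    "main": [("10.0.69.0/26", "vlan1")],     # assumed: connected route for vlan1
}

def parse_rule(line):
    m = re.match(r"(\d+):\s+from (\S+)(?: to (\S+))?(?: fwmark (\S+))?\s+lookup (\S+)", line)
    prio, src, dst, mark, table = m.groups()
    net = lambda s: ipaddress.ip_network("0.0.0.0/0" if s in (None, "all") else s)
    return int(prio), net(src), net(dst), int(mark, 16) if mark else None, table

def resolve(src, dst, fwmark=0):
    """Return (rule priority, table, device) for the first rule that yields a route."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for prio, snet, dnet, mark, table in sorted(map(parse_rule, RULES.splitlines())):
        if s not in snet or d not in dnet or (mark is not None and mark != fwmark):
            continue  # selector does not match this packet
        routes = [(ipaddress.ip_network(p), dev) for p, dev in TABLES.get(table, [])]
        hits = [(n.prefixlen, dev) for n, dev in routes if d in n]
        if hits:  # longest prefix wins; a table with no route falls through to the next rule
            return prio, table, max(hits)[1]
    return None

if __name__ == "__main__":
    # The ping reply: source is the firewall's 10.0.69.1, destination the box on vlan1.
    print(resolve("10.0.69.1", "10.0.69.20"))
```

On a live system, `ip route get 10.0.69.20 from 10.0.69.1` asks the kernel the same question directly.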
