On 07/27/2017 08:51 AM, Adam Cécile wrote:
> Hi,
>
> Here we go:
>
> 0:      from all lookup local
> 999:    from all lookup main
> 10000:  from all fwmark 0x1/0xff lookup 1
> 10001:  from all fwmark 0x2/0xff lookup 2
> 20000:  from 10.13.70.138 lookup 1
> 20000:  from 192.168.195.227 lookup 2
> 32765:  from all lookup 250
> 32767:  from all lookup default
>
> Thanks
>
> On 07/27/2017 05:10 PM, Tom Eastep wrote:
>> On 07/26/2017 11:34 PM, Adam Cécile wrote:
>>> Hello,
>>>
>>> I made a quick setup using PBR to migrate a server from an old network
>>> to a new one.
>>>
>>> Here is the provider file:
>>>
>>> #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY         OPTIONS COPY
>>> NEW   1      1    -         eth0      10.13.70.190    track
>>> OLD   2      2    -         eth1      192.168.195.254 track
>>>
>>> And the interfaces:
>>>
>>> eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
>>>         inet 10.13.70.138  netmask 255.255.255.192  broadcast 10.13.70.191
>>>
>>> eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
>>>         inet 192.168.195.227  netmask 255.255.255.0  broadcast 192.168.195.255
>>>
>>>
>>> Everything is working correctly except PBR seems to be overridden if the
>>> client is directly connected on one of the local networks.
>>>
>>> For instance, if I ssh to this server from another machine in
>>> 192.168.195.0/24 on its 10.13.70.138 address, I see packets coming from
>>> eth0 but response sent through eth1.
>>
>> I suspect that it's the other way around (requests arrive on eth1 but
>> responses sent through eth0)?
>>
>> What is the output of 'ip rule ls'?

I guess that I need to see the output of 'shorewall dump' (as an
attachment) then. You can send it to me privately, if you like.

Thanks,
-Tom
-- 
Tom Eastep           \   Q: What do you get when you cross a mobster with
Shoreline,            \     an international standard?
Washington, USA        \  A: Someone who makes you an offer you can't
http://shorewall.org    \    understand
                         \_______________________________________________
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
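
Added illustration, not part of the original messages and not Shorewall code: a small Python model of how the kernel walks the 'ip rule ls' list quoted above, in priority order, for a reply packet. The table contents are assumptions derived from the provider file and interface output (the thread never shows them), and the client address 192.168.195.50 is constructed.

```python
import ipaddress

# Rules copied from the 'ip rule ls' output quoted in the thread:
# (priority, source address or None, (fwmark, mask) or None, table)
RULES = [
    (0, None, None, "local"),
    (999, None, None, "main"),
    (10000, None, (0x1, 0xFF), "1"),
    (10001, None, (0x2, 0xFF), "2"),
    (20000, "10.13.70.138", None, "1"),
    (20000, "192.168.195.227", None, "2"),
    (32765, None, None, "250"),
    (32767, None, None, "default"),
]

# ASSUMED table contents (never shown in the thread): main holds only the
# connected routes implied by the interface output; tables 1 and 2 hold a
# default route through each provider's gateway.
TABLES = {
    "local": [("10.13.70.138/32", "lo"), ("192.168.195.227/32", "lo")],
    "main": [("10.13.70.128/26", "eth0"), ("192.168.195.0/24", "eth1")],
    "1": [("0.0.0.0/0", "eth0")],
    "2": [("0.0.0.0/0", "eth1")],
    "250": [],
    "default": [],
}


def lookup(src, dst, fwmark=0):
    """Return (priority, table, device) of the first rule whose table routes dst."""
    dst_ip = ipaddress.ip_address(dst)
    for prio, rule_src, mark, table in RULES:
        if rule_src is not None and src != rule_src:
            continue  # 'from <address>' selector does not match
        if mark is not None and (fwmark & mark[1]) != mark[0]:
            continue  # 'fwmark value/mask' selector does not match
        hits = [(ipaddress.ip_network(net), dev) for net, dev in TABLES[table]
                if dst_ip in ipaddress.ip_network(net)]
        if hits:  # longest-prefix match inside the selected table
            net, dev = max(hits, key=lambda h: h[0].prefixlen)
            return prio, table, dev
    return None  # no table had a route: destination unreachable


if __name__ == "__main__":
    client = "192.168.195.50"  # constructed client on the eth1 subnet
    print(lookup("10.13.70.138", client, fwmark=0x1))
    print(lookup("10.13.70.138", "203.0.113.7", fwmark=0x1))
```

Under these assumptions, a reply to a client on a directly connected subnet is resolved by rule 999 (main) before the fwmark and source rules are consulted; only destinations with no route in main reach the provider tables.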