On 10/31/19 6:41 AM, Vieri Di Paola wrote:
> Hi,
>
> I am trying to access host with IP address 10.215.134.111 on port 443
> from host with IP address 10.215.144.92.
>
> The shorewall dump during the connection attempt is here:
> https://drive.google.com/file/d/16-ajeHLOq_TxU_Y6Hs0g34KNR9QpFeGq/view?usp=sharing
>
> I can see the requests coming into the FW but not going out of it to
> the network where the dst host is.
>
> There's a catch to this particular communication. It's between 2
> "providers", ie., host with IP address 10.215.144.92 is in provider 1
> and host with IP address 10.215.134.111 is in provider 3.
>
> How can I allow this traffic?
>
Basically, redo your routing. You have a large number of routing rules with priorities >= 11000; trying to route to any of the networks referenced in those rules is not possible for packets that originate from another provider, because the fwmark rules with priorities in the 10000-10999 range will override those rules for such traffic. Those rules should really be replaced with routes in your main routing table. It would make routing to those networks faster and would allow inter-provider traffic.

-Tom

--
Tom Eastep        \           Q: What do you get when you cross a mobster with
Shoreline,         \             an international standard?
Washington, USA     \         A: Someone who makes you an offer you can't
http://shorewall.org \           understand
\_______________________________________________
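To make Tom's point concrete, here is a small added model of how the kernel walks policy-routing rules; it is not code from the thread or from Shorewall. Rules are evaluated in ascending priority, and the first matching rule whose table actually holds a route for the destination wins. The addresses are the ones from the thread; the rule priorities 999 (main table), 10000 (fwmark) and 11000 (per-network rtrules) are assumed to be Shorewall's defaults, and the fwmark value, interface names and gateway addresses are constructed for illustration.

```python
"""Toy model of Linux policy-routing rule evaluation for the two-provider case."""
import ipaddress

# Hosts from the thread; everything else is a constructed illustration.
SRC = "10.215.144.92"          # host in provider 1
DST = "10.215.134.111"         # host in provider 3
PROVIDER1_MARK = 0x1           # assumed fwmark Shorewall applies to provider-1 traffic
GW_PROVIDER1 = "192.0.2.1"     # constructed default gateway of provider 1
GW_PROVIDER3 = "198.51.100.1"  # constructed gateway toward the provider-3 network


def lookup_table(table, dst):
    """Longest-prefix match inside one routing table; None if the table has no route."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, nexthop in table.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nexthop)
    return best[1] if best else None


def route(rules, tables, src, dst, fwmark):
    """Walk rules by priority; the first matching rule whose table yields a route decides."""
    for _prio, matcher, table_name in sorted(rules, key=lambda r: r[0]):
        if not matcher(src, dst, fwmark):
            continue
        nexthop = lookup_table(tables[table_name], dst)
        if nexthop is not None:
            return table_name, nexthop
    return None, None


def match_all(src, dst, fwmark):
    return True


def match_mark(mark):
    return lambda src, dst, fwmark: fwmark == mark


def match_to(prefix):
    net = ipaddress.ip_network(prefix)
    return lambda src, dst, fwmark: ipaddress.ip_address(dst) in net


def rules_as_in_thread():
    """Per-network rule at 11000 pointing at the provider-3 table (the setup Tom describes)."""
    tables = {
        "main": {"10.215.144.0/24": "dev eth1"},
        "provider1": {"0.0.0.0/0": f"via {GW_PROVIDER1} dev eth1"},
        "provider3": {"10.215.134.0/24": f"via {GW_PROVIDER3} dev eth3"},
    }
    rules = [
        (999, match_all, "main"),                              # assumed Shorewall default
        (10000, match_mark(PROVIDER1_MARK), "provider1"),      # fwmark rule
        (11000, match_to("10.215.134.0/24"), "provider3"),     # rtrules-style entry
    ]
    return rules, tables


def rules_with_route_in_main():
    """Tom's fix: drop the 11000 rule and put the route into the main table instead."""
    rules, tables = rules_as_in_thread()
    tables["main"]["10.215.134.0/24"] = f"via {GW_PROVIDER3} dev eth3"
    rules = [r for r in rules if r[0] != 11000]
    return rules, tables


if __name__ == "__main__":
    # The marked packet from provider 1 is captured by the provider-1 default route
    # at priority 10000 before rule 11000 is ever consulted.
    print("as in thread:", route(*rules_as_in_thread(), SRC, DST, PROVIDER1_MARK))
    # With the route in main (priority 999) it is found before any fwmark rule.
    print("route in main:", route(*rules_with_route_in_main(), SRC, DST, PROVIDER1_MARK))
```

The first configuration sends the provider-1 packet out through provider 1's default gateway, which matches the symptom in the dump (requests arrive at the firewall but never leave toward the provider-3 network). The second resolves the destination in the main table, which is also consulted first and so makes the lookup cheaper, as Tom notes.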
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users