hi all,

i am trying to set up a multiisp setup similar to the basic setup in the documentation. however, when sending packets from the local network to the internet using snat (or masq), the returning packets never make it back to the local network.

(tcpdump on external eth1 shows per outgoing packet one returning with dst the public ip and then one translated packet with src the ping target and dest the correct local ip; so i guess the snat part worked, but somehow the packet is arrived (and nothing is logged))

my current guess is that some interfaces option is missing, but i'm clueless.

i've simplified the config to using only one interface (so single entry in the provider) to produce my problem.

i'm running shorewall 5.1.10, i'll paste the simplified configs below.

any hints how to debug further are welcome

stijn

ips:
eth0 10.141.10.242/16
eth1 157.193.16.9/25

interfaces:
> int eth0 detect arp_filter,routeback
> ext eth1 detect arp_filter,routeback,sfilter=10.141.0.0/16

(i've tried lots of combinations of options, i'm quite sure these are not the ones i want, but the multiisp example page simply has "..." as example options. we also run some basic nat boxes (without provider), and using same options here does not work)

policy:
> fw all ACCEPT
> int fw ACCEPT
> int ext ACCEPT
> ext ext DROP info
> all all REJECT info

zones
> fw firewall
> ext ipv4
> int ipv4

providers
> UGENTDMZ 1 - - eth1 157.193.16.126 track,balance

shorewall.conf
> ADMINISABSENTMINDED=Yes
> IP_FORWARDING=On
> STARTUP_ENABLED=Yes
> TRACK_RULES=Yes

snat
> SNAT(157.193.16.9) 0.0.0.0/0 eth1

rtrules and mangle are empty

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users