shorewall 5.2.3.2-1 ubuntu 19.10
Well, I think my problem is classic, but I haven't seen anything in the FAQ that resembles mine.

On a single PC I have these interfaces:
- enp0s31f6 (172.16.99.40): connected to the local router, which also provides internet; gateway 172.16.99.1
- a dummy interface with a bridge on it: br0, with the unroutable IP 172.16.20.1 and a DHCP server on it that hands out the range 172.16.20.0/24

On the 172.16.20.0/24 range I have LXD containers.

On Shorewall:
-----------------
zones:
fw    firewall
net   ipv4
loc   ipv4
cont  ipv4
cov   ipv4

interfaces:
net   enp0s31f6   tcpflags,logmartians,nosmurfs,sourceroute=0,dhcp
cov   ppp0        tcpflags,logmartians,nosmurfs,sourceroute=0,dhcp,routeback
cont  br0         routeback,bridge,dhcp,routefilter=1

policy:
$FW   all   ACCEPT
cont  all   ACCEPT
cov   all   ACCEPT   $LOG
net   cov   ACCEPT   $LOG
net   all   DROP     $LOG
all   all   REJECT   $LOG

some rules in rules

and snat:
MASQUERADE   172.20.10.0/24   enp0s31f6

STATUS: from my container I ping the internet: it works!!
- if I do a tcpdump on br0: I see that the source IP is the container's, and I see the reply come back
- if I do a tcpdump on enp0s31f6: I see that the source IP is enp0s31f6's, and I see the reply come back
So OK, masquerade works fine.

Now the problem: I add a VPN: ppp0. This one adds routes like this one:
192.168.0.0/19 via 172.19.13.95 dev ppp0
The VPN gateway is 172.19.13.95.

From my container:
- I can still ping the internet and the local network
- I can't ping IPs in the ppp0 routes. If I do that, and I do a tcpdump:
  - on br0: I can see the packet go out with the container's source IP, but the reply never comes
  - on enp0s31f6: I don't see anything
  - on ppp0: I can see packets with the container's source IP and no replies.

So why in that case does masquerade not work, and what should I do?

Regards,
Gaetan
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users