And which rules are for the firewall that is not being redirected?
Can you check that the rule marks match the configured ones?
The reason for not being redirected is that the rules are not matching
correctly.
You can include logging rules in order to check why the rules are
not matching for that firewall.
Regards
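Laura's point above, that a packet is only redirected if one of the MARK rules fires and the mark it sets has a matching DNAT rule, can be checked offline against the listing. The Python below is an added example, not code from the thread or from Zen Load Balancer: it parses the quoted UDP rules (a constructed excerpt of Randy's sanitized output, each rule rejoined onto one line, backend names as in the listing), computes the share of packets that end up with each mark, and flags any mark that no DNAT rule consumes.

```python
import re

# Constructed excerpt of the `iptables -L -t mangle` / `-t nat` output quoted
# in the thread (UDP farm only), each rule rejoined onto a single line.
MANGLE = """\
MARK udp -- anywhere (ZLB VIP) statistic mode random probability 1.00000000000 multiport dports syslog /* FARM_SyslogUDP_4_ */ MARK set 0x206
MARK udp -- anywhere (ZLB VIP) statistic mode random probability 0.72727272706 multiport dports syslog /* FARM_SyslogUDP_3_ */ MARK set 0x205
MARK udp -- anywhere (ZLB VIP) statistic mode random probability 0.45454545459 multiport dports syslog /* FARM_SyslogUDP_2_ */ MARK set 0x204
MARK udp -- anywhere (ZLB VIP) statistic mode random probability 0.18181818165 multiport dports syslog /* FARM_SyslogUDP_1_ */ MARK set 0x203
MARK udp -- anywhere (ZLB VIP) statistic mode random probability 0.03636363614 multiport dports syslog /* FARM_SyslogUDP_0_ */ MARK set 0x200
"""
NAT = """\
DNAT udp -- anywhere anywhere mark match 0x200 /* FARM_SyslogUDP_0_ */ to:(Server0):514
DNAT udp -- anywhere anywhere mark match 0x203 /* FARM_SyslogUDP_1_ */ to:(Server1):514
DNAT udp -- anywhere anywhere mark match 0x204 /* FARM_SyslogUDP_2_ */ to:(Server2):514
DNAT udp -- anywhere anywhere mark match 0x205 /* FARM_SyslogUDP_3_ */ to:(Server3):514
DNAT udp -- anywhere anywhere mark match 0x206 /* FARM_SyslogUDP_4_ */ to:(Server4):514
"""
MARK_RE = re.compile(r"^MARK\s+\S+.*probability\s+([\d.]+).*MARK set\s+(0x[0-9a-f]+)")
DNAT_RE = re.compile(r"^DNAT\s+\S+.*mark match\s+(0x[0-9a-f]+).*to:(\S+)")

def parse_mangle(text):
    """Return [(probability, mark), ...] in chain (evaluation) order."""
    return [(float(m.group(1)), m.group(2))
            for m in (MARK_RE.match(l) for l in text.splitlines()) if m]

def parse_nat(text):
    """Return {mark: backend} for the DNAT rules."""
    return {m.group(1): m.group(2)
            for m in (DNAT_RE.match(l) for l in text.splitlines()) if m}

def final_mark_distribution(rules):
    """MARK is a non-terminating target: every rule is evaluated in order and
    the last one whose `statistic --mode random` match fires decides the mark,
    so P(final mark = rule i) = p_i * prod(1 - p_j for every j after i)."""
    dist, unmarked = {}, 1.0
    for i, (p, mark) in enumerate(rules):
        tail = 1.0
        for q, _ in rules[i + 1:]:
            tail *= 1.0 - q
        dist[mark] = dist.get(mark, 0.0) + p * tail
        unmarked *= 1.0 - p          # share of packets that no rule marks
    return dist, unmarked

def unmatched_marks(mangle_rules, nat_rules):
    """Marks set in mangle that no DNAT rule consumes; such packets are never
    redirected to a backend, so they stay addressed to the VIP itself."""
    return {mark for _, mark in mangle_rules if mark not in nat_rules}

if __name__ == "__main__":
    rules, backends = parse_mangle(MANGLE), parse_nat(NAT)
    dist, unmarked = final_mark_distribution(rules)
    for mark, share in dist.items():
        print(f"{mark} -> {backends.get(mark, 'NO DNAT RULE')}: {share:.3f}")
    print("unmarked share:", unmarked, "marks without DNAT:", unmatched_marks(rules, backends))
```

Running it against the real listing of the misbehaving firewall (after its hostname-specific rules are rejoined) shows at a glance whether any mark is set but never translated, which is the mismatch Laura is asking about.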
On 20 Oct 2016 8:20 p.m., "Randy Baca" <ra...@rbaca.com> wrote:
> Here is sanitized output. It all looks normal.
>
>
>
> root@zenlb01:~# iptables -L -t mangle
> Chain PREROUTING (policy ACCEPT)
> target prot opt source destination
> MARK udp -- anywhere (ZLB VIP) statistic mode
> random probability 1.00000000000 multiport dports syslog /*
> FARM_SyslogUDP_4_ */ MARK set 0x206
> MARK udp -- anywhere (ZLB VIP) statistic mode
> random probability 0.72727272706 multiport dports syslog /*
> FARM_SyslogUDP_3_ */ MARK set 0x205
> MARK udp -- anywhere (ZLB VIP) statistic mode
> random probability 0.45454545459 multiport dports syslog /*
> FARM_SyslogUDP_2_ */ MARK set 0x204
> MARK udp -- anywhere (ZLB VIP) statistic mode
> random probability 0.18181818165 multiport dports syslog /*
> FARM_SyslogUDP_1_ */ MARK set 0x203
> MARK udp -- anywhere (ZLB VIP) statistic mode
> random probability 0.03636363614 multiport dports syslog /*
> FARM_SyslogUDP_0_ */ MARK set 0x200
> MARK tcp -- anywhere (ZLB VIP) statistic mode
> random probability 1.00000000000 multiport dports shell /*
> FARM_SyslogTCP_3_ */ MARK set 0x208
> MARK tcp -- anywhere (ZLB VIP) statistic mode
> random probability 0.75000000000 multiport dports shell /*
> FARM_SyslogTCP_2_ */ MARK set 0x207
> MARK tcp -- anywhere (ZLB VIP) statistic mode
> random probability 0.50000000000 multiport dports shell /*
> FARM_SyslogTCP_1_ */ MARK set 0x202
> MARK tcp -- anywhere (ZLB VIP) statistic mode
> random probability 0.25000000000 multiport dports shell /*
> FARM_SyslogTCP_0_ */ MARK set 0x201
>
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain POSTROUTING (policy ACCEPT)
> target prot opt source destination
> root@zenlb01:~#
> root@zenlb01:~#
> root@zenlb01:~# iptables -L -t nat
> Chain PREROUTING (policy ACCEPT)
> target prot opt source destination
> DNAT tcp -- anywhere anywhere mark match
> 0x201 /* FARM_SyslogTCP_0_ */ to:(Server0):514
> DNAT tcp -- anywhere anywhere mark match
> 0x202 /* FARM_SyslogTCP_1_ */ to:(Server1):514
> DNAT tcp -- anywhere anywhere mark match
> 0x207 /* FARM_SyslogTCP_2_ */ to:(Server2):514
> DNAT tcp -- anywhere anywhere mark match
> 0x208 /* FARM_SyslogTCP_3_ */ to:(Server3):514
> DNAT udp -- anywhere anywhere mark match
> 0x200 /* FARM_SyslogUDP_0_ */ to:(Server0):514
> DNAT udp -- anywhere anywhere mark match
> 0x203 /* FARM_SyslogUDP_1_ */ to:(Server1):514
> DNAT udp -- anywhere anywhere mark match
> 0x204 /* FARM_SyslogUDP_2_ */ to:(Server2):514
> DNAT udp -- anywhere anywhere mark match
> 0x205 /* FARM_SyslogUDP_3_ */ to:(Server3):514
> DNAT udp -- anywhere anywhere mark match
> 0x206 /* FARM_SyslogUDP_4_ */ to:(Server4):514
>
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain POSTROUTING (policy ACCEPT)
> target prot opt source destination
>
>
>
> *RB*
> ------------------------------
> *From:* Laura Garcia [nev...@gmail.com]
> *Sent:* Thursday, October 20, 2016 10:52 AM
> *To:* zenloadbalancer-support@lists.sourceforge.net
> *Subject:* Re: [Zenloadbalancer-support] UDP Port 514 Unreachable
>
> Hi Randy, maybe the L4 rules are not generated properly for this certain
> firewall client.
>
> Could you check if the rules for this firewall have the same rules as the
> others in the following commands?
>
> iptables -L -t mangle
> iptables -L -t nat
>
> Regards.
>
>
> Laura Garcia
> Zen Load Balancer Team
> www.zenloadbalancer.com
>
> On Thu, Oct 20, 2016 at 7:29 PM, Randy Baca <ra...@rbaca.com> wrote:
>
>> Hi,
>>
>> I am running ZLB to load balance syslog messages coming from my firewalls
>> to a farm of log parsers. One firewall is sending syslogs but instead of
>> load-balancing the packets like the other firewalls (all Cisco ASA) the
>> ZLB responds to the one firewall with this message:
>>
>>
>>
>> 10:21:25.683555 IP (firewall).514 > (ZLB VIP).514: SYSLOG local4.info,
>> length: 147
>>
>> 10:19:44.045419 IP (ZLB VIP) > (firewall): ICMP 10.251.253.50 udp port
>> 514 unreachable, length 183
>>
>>
>>
>> Does anyone know why this is happening? All the other firewalls are
>> being load-balanced properly.
>>
>>
>>
>> *RB*
>>
>> ------------------------------------------------------------------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
>> _______________________________________________
>> Zenloadbalancer-support mailing list
>> Zenloadbalancer-support@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
>>
>>
>