I run a firewall with dual ISP connections, and get my IPv6 through a tunnel at Hurricane Electric. Today HE added new filtering which prevents cross-traffic between tunnels, which pointed out a problem with my setup in that queries on one tunnel are indiscriminately being answered through the other tunnel. I was told that the solution to this situation lies in source-based routing... Now this seems to point out an issue which I have found few solutions to, and even what I have configured now is something I would consider a poor hack. So I am looking for a proper solution for multi-ISP setups, whereby any packets routed through my firewall to a local server will have the output sent back through the *same* ISP interface. Surely there is some simple configuration within shorewall (and shorewall6) that I have not discovered which will provide this? From what little I have discovered, I would assume the answer lies back in the originally mentioned source-based routing, but I can''t seem to find any info on configuring this under shorewall. Any help, please? ------------------------------------------------------------------------------ The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly. Take a complimentary Learning@Ciosco Self-Assessment and learn about Cisco certifications, training, and career opportunities. http://p.sf.net/sfu/cisco-dev2dev
On Thu, 2011-10-20 at 00:21 -0600, Jeff Taylor wrote:> I run a firewall with dual ISP connections, and get my IPv6 through a tunnel at > Hurricane Electric. Today HE added new filtering which prevents cross-traffic > between tunnels, which pointed out a problem with my setup in that queries on > one tunnel are indiscriminately being answered through the other tunnel. I was > told that the solution to this situation lies in source-based routing... > > Now this seems to point out an issue which I have found few solutions to, and > even what I have configured now is something I would consider a poor hack. So I > am looking for a proper solution for multi-ISP setups, whereby any packets > routed through my firewall to a local server will have the output sent back > through the *same* ISP interface. Surely there is some simple configuration > within shorewall (and shorewall6) that I have not discovered which will provide > this? From what little I have discovered, I would assume the answer lies back > in the originally mentioned source-based routing, but I can''t seem to find any > info on configuring this under shorewall. > > Any help, please?http://www.shorewall.net/MultiISP.html. Note that there is no separate IPv6 documentation and that ''balance'' isn''t available with IPv6. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly. Take a complimentary Learning@Ciosco Self-Assessment and learn about Cisco certifications, training, and career opportunities. http://p.sf.net/sfu/cisco-dev2dev
I visited that page several times last night, but it didn''t get me any closer to a solution. I have been using the providers table on my ipv4 setup for awhile now, but that doesn''t seem to actually keep a connection associated with the ISP it came in on. For example, if a query comes in to my DNS server, the reply has a 50/50 chance of coming back through either ISP. The only way I''ve been able to control the flow of packets is through a set of DNAT rules and masq entries on the firewall pushing to dedicated secondary IP''s on each server, coupled with bind9 views set to respond specifically to queries on those IP addresses. I have also been trying to set up the providers file under shorewall6, but every time I enable the entries, shorewall6 bombs on restart. Note again that I do use the providers entries under shorewall with no failures... Providers: ISP1 10 10 main sit1 2001:470:8388::1 track eth1,eth2,eth3,eth5 ISP2 20 20 main sit2 2001:470:f032::1 track eth1,eth2,eth3,eth5 When restarting, I get the following error in the log: 09:13:09 Adding Providers... RTNETLINK answers: No route to host ERROR: Command "ip -6 route add default via 2001:470:8388::1 src 2001:470:8388::1 dev sit1 table 10" Failed Note that I tried doing this with the tunnel device (sit1) and the ethernet device (eth0), making the appropriate changes to providers and interfaces. I''m just completely lost here, I don''t know what I''m missing. On 10/20/2011 07:12 AM, Tom Eastep wrote:> > http://www.shorewall.net/MultiISP.html. Note that there is no separate > IPv6 documentation and that ''balance'' isn''t available with IPv6. > > -Tom >------------------------------------------------------------------------------ The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly. Take a complimentary Learning@Ciosco Self-Assessment and learn about Cisco certifications, training, and career opportunities. http://p.sf.net/sfu/cisco-dev2dev
On Thu, 2011-10-20 at 09:39 -0600, Jeff Taylor wrote:> > I have also been trying to set up the providers file under shorewall6, but every > time I enable the entries, shorewall6 bombs on restart. Note again that I do > use the providers entries under shorewall with no failures... > > Providers: > ISP1 10 10 main sit1 2001:470:8388::1 track > eth1,eth2,eth3,eth5 > ISP2 20 20 main sit2 2001:470:f032::1 track > eth1,eth2,eth3,eth5 > > When restarting, I get the following error in the log: > 09:13:09 Adding Providers... > RTNETLINK answers: No route to host > ERROR: Command "ip -6 route add default via 2001:470:8388::1 src > 2001:470:8388::1 dev sit1 table 10" FailedLooks like your default gateway has the same IP address as sit1!> > Note that I tried doing this with the tunnel device (sit1) and the ethernet > device (eth0), making the appropriate changes to providers and interfaces. I''m > just completely lost here, I don''t know what I''m missing.I just allocated a second tunnel from HE and set up providers: #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY HE1 1 - main sit1 2001:470:a:227::1 track mac,br0,eth1,eth2 HE2 2 - - sit2 2001:470:a:787::1 track and route_rules: #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY HE1 1 - main sit1 2001:470:a:227::1 track mac,br0,eth1,eth2 HE2 2 - - sit2 2001:470:a:787::1 track I only encountered one problem in that I had to remove the word ''cache'' from the output of ''ip -6 route ls'' when copying routes from main to table 1. Patch attached. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly. Take a complimentary Learning@Ciosco Self-Assessment and learn about Cisco certifications, training, and career opportunities. http://p.sf.net/sfu/cisco-dev2dev
I''m trying to figure out here... did you accidentally copy your providers example under the route_rules as well, or is your configuration just that vastly different from what I have here? I''m running shorewall 4.4.6, it appears there are no further updates in my distro. I''m trying to dig up more info on the route_rules file, beyond the man page which doesn''t give any examples to work from, and hopefully can do some testing with that later this evening. Also, the IPv6 addresses you specified lead me to believe that you may have both addresses coming from the same HE server. In my case, because I am connected under two different providers, my tunnels are coming from two different servers (fmt2 and lax1). This is the particular scenario that they added filtering against yesterday. If both of your test connections are coming from the same source, there is no filtering against crossovers between those, so it wouldn''t be a valid test. On 10/20/2011 11:11 AM, Tom Eastep wrote:> On Thu, 2011-10-20 at 09:39 -0600, Jeff Taylor wrote: > >> I have also been trying to set up the providers file under shorewall6, but every >> time I enable the entries, shorewall6 bombs on restart. Note again that I do >> use the providers entries under shorewall with no failures... >> >> Providers: >> ISP1 10 10 main sit1 2001:470:8388::1 track >> eth1,eth2,eth3,eth5 >> ISP2 20 20 main sit2 2001:470:f032::1 track >> eth1,eth2,eth3,eth5 >> >> When restarting, I get the following error in the log: >> 09:13:09 Adding Providers... >> RTNETLINK answers: No route to host >> ERROR: Command "ip -6 route add default via 2001:470:8388::1 src >> 2001:470:8388::1 dev sit1 table 10" Failed > Looks like your default gateway has the same IP address as sit1! > >> Note that I tried doing this with the tunnel device (sit1) and the ethernet >> device (eth0), making the appropriate changes to providers and interfaces. I''m >> just completely lost here, I don''t know what I''m missing. > I just allocated a second tunnel from HE and set up providers: > > #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY > HE1 1 - main sit1 2001:470:a:227::1 track mac,br0,eth1,eth2 > HE2 2 - - sit2 2001:470:a:787::1 track > > and route_rules: > > #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY > HE1 1 - main sit1 2001:470:a:227::1 track mac,br0,eth1,eth2 > HE2 2 - - sit2 2001:470:a:787::1 track > > I only encountered one problem in that I had to remove the word ''cache'' > from the output of ''ip -6 route ls'' when copying routes from main to > table 1. Patch attached. > > -Tom > > > ------------------------------------------------------------------------------ > The demand for IT networking professionals continues to grow, and the > demand for specialized networking skills is growing even more rapidly. > Take a complimentary Learning@Ciosco Self-Assessment and learn > about Cisco certifications, training, and career opportunities. > http://p.sf.net/sfu/cisco-dev2dev > > > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users------------------------------------------------------------------------------ The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly. Take a complimentary Learning@Cisco Self-Assessment and learn about Cisco certifications, training, and career opportunities. http://p.sf.net/sfu/cisco-dev2dev
On Oct 20, 2011, at 3:45 PM, Jeff Taylor wrote:> I''m trying to figure out here... did you accidentally copy your providers example under the route_rules as well, or is your configuration just that vastly different from what I have here? I''m running shorewall 4.4.6, it appears there are no further updates in my distro.Which distro -- Gentoo?> I''m trying to dig up more info on the route_rules file, beyond the man page which doesn''t give any examples to work from, and hopefully can do some testing with that later this evening. > > Also, the IPv6 addresses you specified lead me to believe that you may have both addresses coming from the same HE server. In my case, because I am connected under two different providers, my tunnels are coming from two different servers (fmt2 and lax1). This is the particular scenario that they added filtering against yesterday. If both of your test connections are coming from the same source, there is no filtering against crossovers between those, so it wouldn''t be a valid test.I''m not getting any crosstalk - I''ve verified that. -Tom Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly. Take a complimentary Learning@Cisco Self-Assessment and learn about Cisco certifications, training, and career opportunities. http://p.sf.net/sfu/cisco-dev2dev
On Oct 20, 2011, at 3:45 PM, Jeff Taylor wrote:> I''m trying to figure out here... did you accidentally copy your providers example under the route_rules as well, or is your configuration just that vastly different from what I have here?Yes -- here''s my route_rules: #SOURCE DEST PROVIDER PRIORITY 2001:470:B:227::1/64 ::/0 HE1 11000 2001:470:B:787::1/64 ::/0 HE2 11000 -Tom Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly. Take a complimentary Learning@Cisco Self-Assessment and learn about Cisco certifications, training, and career opportunities. http://p.sf.net/sfu/cisco-dev2dev
Ubuntu Lucid. I applied the patch to Providers.pm that you gave, and I tried to use the Server IPv6 Address provided by HE as the gateway in the providers file, but I still getting the same failure when I try to enable the providers entries. It should be noted that I don''t think I''m actually using shorewall-perl on my setup. Here''s my providers file as it sits now: ISP1 3 - main sit1 2001:470:1f04:262::1 track eth1,eth2,eth3,eth5 ISP2 4 - main sit2 2001:470:c:316::1 track eth1,eth2,eth3,eth5 And here''s the error I get when I try to restart shorewall6: 21:39:59 Adding Providers... RTNETLINK answers: No route to host ERROR: Command "ip -6 route add default via 2001:470:1f04:262::1 src 2001:470:8388::1 dev sit1 table 3" Failed So... any thoughts as to what I''m doing wrong at this point? On 10/20/2011 05:19 PM, Tom Eastep wrote:> > On Oct 20, 2011, at 3:45 PM, Jeff Taylor wrote: > >> I''m trying to figure out here... did you accidentally copy your providers >> example under the route_rules as well, or is your configuration just that >> vastly different from what I have here? I''m running shorewall 4.4.6, it >> appears there are no further updates in my distro. > > Which distro -- Gentoo? > >> I''m trying to dig up more info on the route_rules file, beyond the man page >> which doesn''t give any examples to work from, and hopefully can do some >> testing with that later this evening. >> >> Also, the IPv6 addresses you specified lead me to believe that you may have >> both addresses coming from the same HE server. In my case, because I am >> connected under two different providers, my tunnels are coming from two >> different servers (fmt2 and lax1). This is the particular scenario that they >> added filtering against yesterday. If both of your test connections are >> coming from the same source, there is no filtering against crossovers between >> those, so it wouldn''t be a valid test. > > I''m not getting any crosstalk - I''ve verified that. > > -Tom > > Tom Eastep \ When I die, I want to go like my Grandfather who > Shoreline, \ died peacefully in his sleep. Not screaming like > Washington, USA \ all of the passengers in his car > http://shorewall.net > <http://shorewall.net/>\________________________________________________ > > > > > ------------------------------------------------------------------------------ > The demand for IT networking professionals continues to grow, and the > demand for specialized networking skills is growing even more rapidly. > Take a complimentary Learning@Cisco Self-Assessment and learn > about Cisco certifications, training, and career opportunities. > http://p.sf.net/sfu/cisco-dev2dev > > > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users------------------------------------------------------------------------------ The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly. Take a complimentary Learning@Cisco Self-Assessment and learn about Cisco certifications, training, and career opportunities. http://p.sf.net/sfu/cisco-dev2dev
Interesting... it DOES work if I leave the gateway field blank (-). My connection still seems to work, and the results of "ip -6 rule ls" show that my route_rules are being entered... And yet my pings to the sit1 subnet are failing while pings to the sit2 subnet are working fine. So it appears I still have not made any progress. On 10/20/2011 09:41 PM, Jeff Taylor wrote:> Ubuntu Lucid. > > I applied the patch to Providers.pm that you gave, and I tried to use the > Server IPv6 Address provided by HE as the gateway in the providers file, but I > still getting the same failure when I try to enable the providers entries. It > should be noted that I don''t think I''m actually using shorewall-perl on my setup. > > Here''s my providers file as it sits now: > ISP1 3 - main sit1 2001:470:1f04:262::1 track > eth1,eth2,eth3,eth5 > ISP2 4 - main sit2 2001:470:c:316::1 track > eth1,eth2,eth3,eth5 > > And here''s the error I get when I try to restart shorewall6: > 21:39:59 Adding Providers... > RTNETLINK answers: No route to host > ERROR: Command "ip -6 route add default via 2001:470:1f04:262::1 src > 2001:470:8388::1 dev sit1 table 3" Failed > > So... any thoughts as to what I''m doing wrong at this point? > > > > On 10/20/2011 05:19 PM, Tom Eastep wrote: >> >> On Oct 20, 2011, at 3:45 PM, Jeff Taylor wrote: >> >>> I''m trying to figure out here... did you accidentally copy your providers >>> example under the route_rules as well, or is your configuration just that >>> vastly different from what I have here? I''m running shorewall 4.4.6, it >>> appears there are no further updates in my distro. >> >> Which distro -- Gentoo? >> >>> I''m trying to dig up more info on the route_rules file, beyond the man page >>> which doesn''t give any examples to work from, and hopefully can do some >>> testing with that later this evening. >>> >>> Also, the IPv6 addresses you specified lead me to believe that you may have >>> both addresses coming from the same HE server. In my case, because I am >>> connected under two different providers, my tunnels are coming from two >>> different servers (fmt2 and lax1). This is the particular scenario that >>> they added filtering against yesterday. If both of your test connections >>> are coming from the same source, there is no filtering against crossovers >>> between those, so it wouldn''t be a valid test. >> >> I''m not getting any crosstalk - I''ve verified that. >> >> -Tom >> >> Tom Eastep \ When I die, I want to go like my Grandfather who >> Shoreline, \ died peacefully in his sleep. Not screaming like >> Washington, USA \ all of the passengers in his car >> http://shorewall.net >> <http://shorewall.net/>\________________________________________________ >> >> >> >> >> ------------------------------------------------------------------------------ >> The demand for IT networking professionals continues to grow, and the >> demand for specialized networking skills is growing even more rapidly. >> Take a complimentary Learning@Cisco Self-Assessment and learn >> about Cisco certifications, training, and career opportunities. >> http://p.sf.net/sfu/cisco-dev2dev >> >> >> _______________________________________________ >> Shorewall-users mailing list >> Shorewall-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/shorewall-users > > > ------------------------------------------------------------------------------ > The demand for IT networking professionals continues to grow, and the > demand for specialized networking skills is growing even more rapidly. > Take a complimentary Learning@Cisco Self-Assessment and learn > about Cisco certifications, training, and career opportunities. > http://p.sf.net/sfu/cisco-dev2dev > > > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users------------------------------------------------------------------------------ The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly. Take a complimentary Learning@Cisco Self-Assessment and learn about Cisco certifications, training, and career opportunities. http://p.sf.net/sfu/cisco-dev2dev
On Thu, 2011-10-20 at 21:41 -0600, Jeff Taylor wrote:> Ubuntu Lucid. > > I applied the patch to Providers.pm that you gave, and I tried to use > the Server IPv6 Address provided by HE as the gateway in the providers > file, but I still getting the same failure when I try to enable the > providers entries. It should be noted that I don''t think I''m actually > using shorewall-perl on my setup. > > Here''s my providers file as it sits now: > ISP1 3 - main sit1 2001:470:1f04:262::1 > track eth1,eth2,eth3,eth5 > ISP2 4 - main sit2 2001:470:c:316::1 > track eth1,eth2,eth3,eth5 > > And here''s the error I get when I try to restart shorewall6: > 21:39:59 Adding Providers... > RTNETLINK answers: No route to host > ERROR: Command "ip -6 route add default via 2001:470:1f04:262::1 > src 2001:470:8388::1 dev sit1 table 3" Failed > > So... any thoughts as to what I''m doing wrong at this point?Shorewall 4.4.6 is almost two years old and had not been tried on IPv6. So it isn''t surprising that it doesn''t work. If I look at the history of changes to the Providers module, much of the IPv6 code was added/changed in April/May of this year. I see that Oneiric has 4.4.21 which should work much better for you. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly. Take a complimentary Learning@Cisco Self-Assessment and learn about Cisco certifications, training, and career opportunities. http://p.sf.net/sfu/cisco-dev2dev
All right, so I have spent the evening upgrading my firewall to Natty, then installing the deb packages for shorewall 4.4.23.3. I''ve made a few changes in my shorewall config that were needed for the newer versions, and I made your changes to Providers.pm again after my last update, so now both shorewall and shorewall6 are starting without errors and everything seems to be working as expected... except I am still not getting the correct routing of IPv6 traffic. For example... # ping6 2001:470:8388:10::9 does not work # ping6 2001:470:f032:10::9 DOES work Try doing a traceroute6 of each, and you''ll see where the packets appear to hop across my tunnels, and always end up on sit2 (2001:470:f032::1). My providers files (under shorewall6): ISP1 1 10 main sit1 2001:470:1f04:262::1 track eth1,eth2,eth3,eth5 ISP2 2 20 main sit2 2001:470:c:316::1 track eth1,eth2,eth3,eth5 My route_rules file: 2001:470:1f04:262::1/64 ::/0 ISP1 11000 2001:470:c:316::1/64 ::/0 ISP2 11001 At this point I''ve been working on the computer for way too many hours and need to get some sleep, but if you can possibly think of anything else for me to check, I would be very appreciative. Are there any files that should or should not be used under shorewall6 (masq, tc*, or others)? On 10/21/2011 07:49 AM, Tom Eastep wrote:> On Thu, 2011-10-20 at 21:41 -0600, Jeff Taylor wrote: >> Ubuntu Lucid. >> >> I applied the patch to Providers.pm that you gave, and I tried to use >> the Server IPv6 Address provided by HE as the gateway in the providers >> file, but I still getting the same failure when I try to enable the >> providers entries. It should be noted that I don''t think I''m actually >> using shorewall-perl on my setup. >> >> Here''s my providers file as it sits now: >> ISP1 3 - main sit1 2001:470:1f04:262::1 >> track eth1,eth2,eth3,eth5 >> ISP2 4 - main sit2 2001:470:c:316::1 >> track eth1,eth2,eth3,eth5 >> >> And here''s the error I get when I try to restart shorewall6: >> 21:39:59 Adding Providers... >> RTNETLINK answers: No route to host >> ERROR: Command "ip -6 route add default via 2001:470:1f04:262::1 >> src 2001:470:8388::1 dev sit1 table 3" Failed >> >> So... any thoughts as to what I''m doing wrong at this point? > Shorewall 4.4.6 is almost two years old and had not been tried on IPv6. > So it isn''t surprising that it doesn''t work. If I look at the history of > changes to the Providers module, much of the IPv6 code was added/changed > in April/May of this year. > > I see that Oneiric has 4.4.21 which should work much better for you. > > -Tom > > > ------------------------------------------------------------------------------ > The demand for IT networking professionals continues to grow, and the > demand for specialized networking skills is growing even more rapidly. > Take a complimentary Learning@Cisco Self-Assessment and learn > about Cisco certifications, training, and career opportunities. > http://p.sf.net/sfu/cisco-dev2dev > > > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users------------------------------------------------------------------------------ The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly. Take a complimentary Learning@Cisco Self-Assessment and learn about Cisco certifications, training, and career opportunities. http://p.sf.net/sfu/cisco-dev2dev
On Sat, 2011-10-22 at 01:35 -0600, Jeff Taylor wrote:> All right, so I have spent the evening upgrading my firewall to Natty, > then installing the deb packages for shorewall 4.4.23.3. I''ve made a > few changes in my shorewall config that were needed for the newer > versions, and I made your changes to Providers.pm again after my last > update, so now both shorewall and shorewall6 are starting without > errors and everything seems to be working as expected... except I am > still not getting the correct routing of IPv6 traffic. For example... > > # ping6 2001:470:8388:10::9 > does not work > # ping6 2001:470:f032:10::9 > DOES work > > Try doing a traceroute6 of each, and you''ll see where the packets > appear to hop across my tunnels, and always end up on sit2 > (2001:470:f032::1). > > My providers files (under shorewall6): > ISP1 1 10 main sit1 2001:470:1f04:262::1 > track eth1,eth2,eth3,eth5 > ISP2 2 20 main sit2 2001:470:c:316::1 > track eth1,eth2,eth3,eth5 > > My route_rules file: > 2001:470:1f04:262::1/64 ::/0 ISP1 11000 > 2001:470:c:316::1/64 ::/0 ISP2 11001 > > At this point I''ve been working on the computer for way too many hours > and need to get some sleep, but if you can possibly think of anything > else for me to check, I would be very appreciative. Are there any > files that should or should not be used under shorewall6 (masq, tc*, > or others)?Please forward the output of ''shorewall6 dump'' as a compressed attachment. Thanks, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly. Take a complimentary Learning@Cisco Self-Assessment and learn about Cisco certifications, training, and career opportunities. http://p.sf.net/sfu/cisco-dev2dev
File is attached... On 10/22/2011 07:17 AM, Tom Eastep wrote:> > Please forward the output of ''shorewall6 dump'' as a compressed > attachment. > > Thanks, > -Tom >------------------------------------------------------------------------------ The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly. Take a complimentary Learning@Cisco Self-Assessment and learn about Cisco certifications, training, and career opportunities. http://p.sf.net/sfu/cisco-dev2dev