Hi Tom - Here are a couple of pcaps on ppp0 from wireshark, one with ppp0 as fallback (traceroute from the Pi doesn't work but web does) and with ppp0 with no options (traceroute works but web doesn't).
In both cases you can see the udp packets going out and icmp timeouts coming back but with fallback they don't seem to make it back to the Pi. It looks like shorewall isn't opening the reverse path. Hopefully the inconsistent web behaviour is another consequence of the same problem. Several other problems which may or may not be related: 1. traceroute getting send: operation not permitted when run from the firewall itself. 2. Mobile data dongle not starting with shorewall running - possibly the same problem as 1. 3. dhcpd not starting reliably - possibly a startup sequence problem - it's worked the last twice and I didn't record the message but was something about no available NICs to serve on. Thanks again - Philip On 11/01/2017 00:38, Tom Eastep wrote: > On 01/10/2017 01:55 PM, Philip Le Riche wrote: > > Hi Tom - > > > Thanks for the greased-lightning response again, and here's the > > dump. > > > It looks to me like the traceroute packets are going out of ppp0 but > that there are no responses. Can you confirm that using tcpdump? > > Thanks, > -Tom > > ------------------------------------------------------------------------------ > Developer Access Program for Intel Xeon Phi Processors > Access to Intel Xeon Phi processor-based developer platforms. > With one year of Intel Parallel Studio XE. > Training and support from Colfax. > Order your platform today. http://sdm.link/xeonphi > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users >
ppp0-fallback.pcapng
Description: Binary data
ppp0-nofallback.pcapng
Description: Binary data
------------------------------------------------------------------------------ Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today. http://sdm.link/xeonphi
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
