On 10/01/2018 10:31 AM, Vieri Di Paola via Shorewall-users wrote:
> On Monday, October 1, 2018, 5:50:59 PM GMT+2, Tom Eastep
> <teas...@shorewall.net> wrote:
>> For this type of error, I really need to see the .start file itself.
>
> I'll copy the .start file ASAP.
>
> In the meantime, I removed the following lines from the snat file:
>
> SNAT($IF_ISP3_IP) $IF_LAN $IF_ISP3
> SNAT($IF_ISP2_IP) $IF_LAN $IF_ISP2
> SNAT($IF_ISP1_IP) $IF_LAN $IF_ISP1
> SNAT($IF_ISP3_IP) $IF_DMZ $IF_ISP3
> SNAT($IF_ISP2_IP) $IF_DMZ $IF_ISP2
> SNAT($IF_ISP1_IP) $IF_DMZ $IF_ISP1
>
> I don't get any errors, and I see that most traffic is working as expected.
> However, there are some issues. For instance, I'm trying to access
> 87.248.114.11 on port 443 from LAN host with IP addr. 10.215.144.48.
> I can see the traffic going out and in through ppp2, but the browser client
> in the LAN host cannot view the data (it seems to try to receive data all the
> time).
>

As I pointed out in my response to your later post, those rules won't make
any difference even if correct code was generated.

What I suspect is that you are running into a PMTU problem that will be
corrected if you set CLAMPMSS=Yes in shorewall.conf. You have switched from
using Ethernet interfaces to your ISPs to PPPoE interfaces which have an
MTU of 1492 versus 1500 for Ethernet.

-Tom
--
Tom Eastep           \ Q: What do you get when you cross a mobster with
Shoreline,           \    an international standard?
Washington, USA      \ A: Someone who makes you an offer you can't
http://shorewall.org \    understand
                     \_______________________________________________
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users