[Firehol-support] Secondary internet link fails

Daniel L. Miller dmiller at amfes.com
Sun Oct 30 02:28:35 CET 2005


Costa Tsaousis wrote:

> Daniel L. Miller wrote:
>
>> Oct 28 10:25:31 foxy OUT-unknown: IN= OUT=eth2 MAC= SRC=66.199.29.170
>> DST=66.199.29.169 LEN=84 TOS=00 PREC=0x00 TTL=64 ID=41 DF PROTO=ICMP
>> TYPE=8 CODE=0 ID=9797 SEQ=42
>> Oct 28 10:25:32 foxy OUT-unknown: IN= OUT=eth2 MAC= SRC=66.199.29.170
>> DST=66.199.29.169 LEN=84 TOS=00 PREC=0x00 TTL=64 ID=42 DF PROTO=ICMP
>> TYPE=8 CODE=0 ID=9797 SEQ=43
>> Oct 28 10:25:33 foxy OUT-unknown: IN= OUT=eth2 MAC= SRC=66.199.29.170
>> DST=66.199.29.169 LEN=84 TOS=00 PREC=0x00 TTL=64 ID=43 DF PROTO=ICMP
>> TYPE=8 CODE=0 ID=9797 SEQ=44
>> Oct 28 11:08:07 foxy OUT-unknown: IN= OUT=eth2 MAC= SRC=192.168.0.1
>> DST=66.199.29.175 LEN=78 TOS=00 PREC=0x00 TTL=64 ID=8513 DF PROTO=UDP
>> SPT=137 DPT=137 LEN=58
>>
> OUT-unknown means "none of the defined interfaces matches this traffic".
> Also, this is traffic you are trying to send.
>
> To my understanding, if your config is like the one you sent, either:
>
> 1. You have a wrong UNROUTABLE_IPS variable, or
> 2. You have a broken BASH and firehol generates faulty rules.
>
> If you need help, please send me:
>
> a. Your exact config file
> b. the output of:
>
> firehol debug
>
> using the config you sent
>
> c. A few log lines, like above, but with the exact config you will send.
>
> Costa

I can get outbound by deleting the destination clause - though the 
source clause still works.  I still can't get inbound, however.

Daniel
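
Added example, not part of the original messages and not FireHOL code: a small Python parser that rejoins the mail-wrapped log records quoted above and counts, per OUT/SRC/DST/PROTO tuple, the packets that fell through to the OUT-unknown prefix, which shows which flows no interface definition covered. The function names are this example's own; SAMPLE is the excerpt from the message above.

```python
import re
from collections import Counter

# Log excerpt copied from the message above, still wrapped as the mailer left it.
SAMPLE = """\
Oct 28 10:25:31 foxy OUT-unknown: IN= OUT=eth2 MAC= SRC=66.199.29.170
DST=66.199.29.169 LEN=84 TOS=00 PREC=0x00 TTL=64 ID=41 DF PROTO=ICMP
TYPE=8 CODE=0 ID=9797 SEQ=42
Oct 28 10:25:32 foxy OUT-unknown: IN= OUT=eth2 MAC= SRC=66.199.29.170
DST=66.199.29.169 LEN=84 TOS=00 PREC=0x00 TTL=64 ID=42 DF PROTO=ICMP
TYPE=8 CODE=0 ID=9797 SEQ=43
Oct 28 10:25:33 foxy OUT-unknown: IN= OUT=eth2 MAC= SRC=66.199.29.170
DST=66.199.29.169 LEN=84 TOS=00 PREC=0x00 TTL=64 ID=43 DF PROTO=ICMP
TYPE=8 CODE=0 ID=9797 SEQ=44
Oct 28 11:08:07 foxy OUT-unknown: IN= OUT=eth2 MAC= SRC=192.168.0.1
DST=66.199.29.175 LEN=78 TOS=00 PREC=0x00 TTL=64 ID=8513 DF PROTO=UDP
SPT=137 DPT=137 LEN=58
"""

# syslog timestamp, host, iptables LOG prefix, then the key=value payload
HEAD = re.compile(r"^(\S+ +\d+ [\d:]+) (\S+) ([\w-]+): (.*)$")

def unwrap(text):
    """Rejoin wrapped records; a new record starts with a syslog header."""
    records = []
    for line in text.splitlines():
        line = line.lstrip("> ").strip()      # tolerate mail quote markers
        if not line:
            continue
        if HEAD.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def parse(record):
    """Return the record's fields as a dict, or None if it is not a LOG line."""
    m = HEAD.match(record)
    if not m:
        return None
    fields = dict(zip(("when", "host", "prefix"), m.groups()))
    for tok in m.group(4).split():
        key, sep, val = tok.partition("=")
        # Bare flags (DF) become True; a repeated key (ICMP ID) keeps the first value.
        fields.setdefault(key, val if sep else True)
    return fields

def unmatched_flows(text, prefix="OUT-unknown"):
    """Count packets logged under `prefix`, grouped by (OUT, SRC, DST, PROTO)."""
    parsed = (parse(r) for r in unwrap(text))
    hits = (f for f in parsed if f and f["prefix"] == prefix)
    return Counter((f["OUT"], f["SRC"], f["DST"], f["PROTO"]) for f in hits)
```
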