
shorewall routing vserver



I have a little question.

I have some trouble sending and receiving from my mailserver to 3
different mail servers; the strange thing was it wasn't really clear in
the mail logs why it was rejected, if it arrived at all.
Turns out that it is being blocked by my firewall.

I am running vservers with a private IP address like 192.168.1.* and I
do the routing via shorewall.

Shorewall:fw2dmz:REJECT:IN= OUT=dummy0 SRC=192.168.1.88 DST=192.112.***.**
and also
Jun  4 18:54:38 host kernel: martian source 192.168.1.88 from
192.112.***.**, on dev eth0

Not sure how or why, but it does strike me that the mail servers I have
unexplained trouble with have IP addresses starting with 192.112 and
192.113.
The martian source can be suppressed by disabling the routefilter option
in /shorewall/interfaces and adding
"DROP:info        net:192.168.1.0/24         all"
in /shorewall/rules

But it does make me think that somehow 192.112.* is being seen as an
address in a private range, hence the martian notice.
At first I figured I had made some sloppy shorthand like 192.*
somewhere, but I can't trace that back in any of the files.


Not sure if shorewall has a manual option for setting which ranges are
private or what triggers it to send traffic to DMZ instead
of to NET.
But then again... this would be me accusing the shorewall developer of a
lack of understanding in TCP/IP networking... don't think so ;)

Could it be another vserver advertising to listen on 192.*???
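
An added example, not part of the original post: a small longest-prefix-match model of how a too-broad prefix on the guest-side interface would produce both log lines above (traffic to 192.112.* leaving via dummy0, and the strict reverse-path check behind routefilter logging a martian on eth0). The two routing tables and the peer address 192.112.0.10 are constructed (the post masks the real address), and the 192.0.0.0/8 route is a hypothetical, not a diagnosis of this host.

```python
import ipaddress

# RFC 1918 private ranges; 192.112.* and 192.113.* are outside all of them.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def lookup(routes, addr):
    """Longest-prefix match: (prefix, dev) of the most specific covering route."""
    ip = ipaddress.ip_address(addr)
    hits = [(ipaddress.ip_network(p), dev) for p, dev in routes
            if ip in ipaddress.ip_network(p)]
    if not hits:
        return None
    net, dev = max(hits, key=lambda h: h[0].prefixlen)
    return str(net), dev

def reverse_path_ok(routes, src, in_dev):
    """Strict rp_filter model: the route back to src must use the arrival device."""
    hit = lookup(routes, src)
    return hit is not None and hit[1] == in_dev

def overbroad(routes, private_devs):
    """Routes on guest-side devices that also cover non-RFC 1918 space."""
    return [(p, dev) for p, dev in routes
            if dev in private_devs
            and not any(ipaddress.ip_network(p).subnet_of(r) for r in RFC1918)]

# Constructed tables: same default route, different prefix on dummy0.
SLOPPY = [("0.0.0.0/0", "eth0"), ("192.0.0.0/8", "dummy0")]      # hypothetical
CORRECT = [("0.0.0.0/0", "eth0"), ("192.168.1.0/24", "dummy0")]
PEER = "192.112.0.10"   # constructed stand-in for the masked mail server
GUEST = "192.168.1.88"  # guest address from the log lines above

if __name__ == "__main__":
    for name, table in (("sloppy", SLOPPY), ("correct", CORRECT)):
        print(name, "route to peer:", lookup(table, PEER),
              "| reply on eth0 passes rp_filter:",
              reverse_path_ok(table, PEER, "eth0"),
              "| overbroad:", overbroad(table, {"dummy0"}))
```

On a live host, the same comparison can be made against the output of `ip route show` and the netmasks configured on dummy0.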






