Vieri Di Paola
2016-11-22 13:41:44 UTC
Hi,
I'm posting again because my previous shorewall dump file was too big for the list.
Today I upgraded from shorewall 5.0.6.2 to the latest release and I'm having routing issues. I also tried to downgrade back to 5.0.6.2 but I'm still having the same issues so I don't know what's causing this.
I have this in my rtrules:
- 10.253.0.0/16 CAIB 11638
I checked the routing tables and it seems OK in my case:
Table CAIB:
172.20.11.49 dev enp2s0f0 scope link src 172.20.11.62
default via 172.20.11.49 dev enp2s0f0 src 172.20.11.62
However, I am unable to ping from host at 10.215.144.7 (or any other host in lan zone for that matter) to host at 10.253.252.186 (for example).
I'm attaching a shorewall dump according to these steps:
# shorewall restart && shorewall reset
(from FAILING host with IP addr. 10.215.144.7: ping -c 1 10.253.252.186 || traceroute -m 2 10.253.252.186)
# shorewall dump > /tmp/shorewall_dump.txt && gzip --best /tmp/shorewall_dump.txt
My shorewall version installed:
# shorewall version -a
shorewall-core: 5.0.14.1
shorewall: 5.0.14.1
shorewall6: 5.0.14.1
shorewall-init: 5.0.14.1
/var/lib/shorewall/firewall was compiled Tue Nov 22 13:02:23 CET 2016 by Shorewall version 5.0.14.1
On the other hand, if I ping or trace from $FW to the same dest then everything seems OK:
# traceroute -m 2 10.253.252.186
traceroute to 10.253.252.186 (10.253.252.186), 2 hops max, 60 byte packets
1 172.20.11.50 (172.20.11.50) 0.490 ms 0.536 ms 0.604 ms
2 172.20.4.210 (172.20.4.210) 3.660 ms 3.641 ms 3.628 ms
Where the hop at 172.20.11.50 is as expected.
Any suggestions?
Vieri