[Shorewall-users] trouble with masq

[denmat <tu2...@gm...>]

Hi list,

Having an odd occurence with masq.

When i ping from inside the firewall I see one ping go out the
external interface but two come back. One of them is addressed to the
internal ip.  What could be causing this?

setup is simple:
I have two providers balanced equally.  Both display the same behaviour.
eth0 - internal 192.168.0.0/24
eth1 - external
eth2 - 192.168.3.2/24 (goes to another router then out to internet)

masq file is:
eth1                    eth0
eth2                    eth0

In the packets going out I can't see any mention of the internal ip.
What is going on?
Wireshark shows this from eth2 on the firewall:
No.     Time        Source                Destination           Protocol Info
      3 0.000387    192.168.3.2           66.102.7.99           ICMP
  Echo (p ing) request
Frame 3 (98 bytes on wire, 98 bytes captured)
Ethernet II, Src: D-Link_c7:13:03 (00:11:95:c7:13:03), Dst:
Siig_dc:0d:ed (00:00 :ba:dc:0d:ed)
Internet Protocol, Src: 192.168.3.2 (192.168.3.2), Dst: 66.102.7.99
(66.102.7.99 )
Internet Control Message Protocol
No.     Time        Source                Destination           Protocol Info
     4 0.181311    66.102.7.99           192.168.3.2           ICMP
 Echo (p ing) reply
Frame 4 (98 bytes on wire, 98 bytes captured)
Ethernet II, Src: Siig_dc:0d:ed (00:00:ba:dc:0d:ed), Dst:
D-Link_c7:13:03 (00:11 :95:c7:13:03)
Internet Protocol, Src: 66.102.7.99 (66.102.7.99), Dst: 192.168.3.2
(192.168.3.2 )
Internet Control Message Protocol
No.     Time        Source                Destination           Protocol Info
      5 0.181414    66.102.7.99           192.168.0.30          ICMP
  Echo (p ing) reply
Frame 5 (98 bytes on wire, 98 bytes captured)
Ethernet II, Src: D-Link_c7:13:03 (00:11:95:c7:13:03), Dst:
Siig_dc:0d:ed (00:00 :ba:dc:0d:ed)
Internet Protocol, Src: 66.102.7.99 (66.102.7.99), Dst: 192.168.0.30
(192.168.0. 30)
Internet Control Message Protocol

Regards,
denmat