On Sat, 29 Nov 2003, S. Keel wrote:
>
> This seems to be working okay. I can get out from both subnets, resolve
> names with dnscache, etc; but I can't see a host from one subnet to the
> other. In other words, if I ping a host on wkgrp2 from a host on wkgrp1,
> I get a "destination port unreachable" response. However, if I ping
> 192.168.2.254 from a host on wkgrp1, or 192.168.1.254 from a host on
> wkgrp2, I get a response.
>
> In Shorewall, I didn't define an additional zone for the second subnet, just
> adding it to the existing loc subnet.
>
But you have defined some loc->loc rules. In that case, Shorewall assumes
that you want to apply the all->all policy for those connections that don't
match one of the rules.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
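
The behaviour described in the reply above, shown as an added example that is not part of the original thread: an explicit loc->loc policy, listed ahead of the catch-all, decides what happens to loc->loc connections that match none of the loc->loc rules. The file contents are constructed; the poster's actual policy file is not shown in the thread, and the `net` zone and the REJECT catch-all are assumptions.

```conf
# /etc/shorewall/policy  (constructed example, not the poster's file)
#
# Policies are evaluated top to bottom; the first matching line wins.
# A connection is checked against /etc/shorewall/rules first, and only
# falls through to this file when no rule matches it.
#
#SOURCE   DEST   POLICY   LOG LEVEL

# Explicit intra-zone policy: traffic between hosts in loc (both subnets,
# since they share the zone) that matches no loc->loc rule is accepted
# here instead of falling through to the all->all line.
loc       loc    ACCEPT

# Assumed outbound policy, consistent with "I can get out from both subnets".
loc       net    ACCEPT

# Assumed inbound default.
net       all    DROP     info

# Catch-all. Without the loc->loc line above, unmatched loc->loc traffic
# lands here once any loc->loc rule has been defined. A REJECT policy here
# is an assumption; it would be consistent with the ICMP unreachable
# response the poster reports.
all       all    REJECT   info
```

If the two subnets should not have full access to each other, leave the loc->loc policy out and add ACCEPT rules for only the specific connections that are needed.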
