Nico Pagliaro wrote:
> Yes, that's right!!
> And it works!!! The only thing that I was missing is to copy tun0 interface
> in providers.
>
> Now, this works fine in my lab, but in production I have another Shorewall
> (older) 3.4.2 and I have done the same, but with no luck ;(
> Look, when I try from my client to my dmz, in the log appears
> kernel: Shorewall:nic2dmz:ACCEPT:IN=tun0 OUT=eth0 SRC=10.8.0.13 DST=192.168.0.15 LEN
> (note that nic (nico) is the openvpn zone)
> There is no problem between internal zones, BUT if I try to go to my server
> 74.53.205.xxx
> it logs this:
> kernel: Shorewall:all2all:REJECT:IN=tun0 OUT=eth2 SRC=10.8.0.13 DST=74.54.56.xxx
>
> It sounds like there is no policy that applies, but in my policy file I have
> nic net ACCEPT info
> nic fw ACCEPT info
> nic loc ACCEPT info
> nic dmz ACCEPT info

Those are above the drop/reject policy and not below, right?
Jerry
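The ordering question above can be checked mechanically, because Shorewall applies the first policy entry that matches and names the policy chain in the log prefix. The sketch below is an added example, not code from the thread or from Shorewall; the catch-all `all all REJECT info` line and the assumption that eth2 traffic belongs to the `net` zone are not shown in the thread.

```python
import re

# Constructed policy file: the four nic entries quoted in the thread, followed
# by an ASSUMED catch-all entry (the thread does not show that line).
POLICY = """\
nic  net  ACCEPT  info
nic  fw   ACCEPT  info
nic  loc  ACCEPT  info
nic  dmz  ACCEPT  info
all  all  REJECT  info
"""
# Log lines as quoted in the thread (addresses already masked there).
ACCEPT_LINE = "kernel: Shorewall:nic2dmz:ACCEPT:IN=tun0 OUT=eth0 SRC=10.8.0.13 DST=192.168.0.15 LEN"
REJECT_LINE = "kernel: Shorewall:all2all:REJECT:IN=tun0 OUT=eth2 SRC=10.8.0.13 DST=74.54.56.xxx"

# Default prefix layout: Shorewall:<chain>:<disposition>:
LOG_RE = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<disp>[^:]+):IN=(?P<inif>\S*) OUT=(?P<outif>\S*)")

def parse_policy(text):
    """Return [(source, dest, policy)] in file order, ignoring comments."""
    rows = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3:
            rows.append(tuple(fields[:3]))
    return rows

def first_match(rows, src, dst):
    """First entry whose SOURCE and DEST match the zone pair ('all' is a wildcard)."""
    for s, d, p in rows:
        if s in (src, "all") and d in (dst, "all"):
            return s, d, p
    return None

def check(log_line, rows, src_zone, dst_zone):
    """Compare the chain in a log line with the policy chain expected for a zone pair."""
    m = LOG_RE.search(log_line)
    hit = first_match(rows, src_zone, dst_zone)
    expected = f"{hit[0]}2{hit[1]}" if hit else None
    return {"logged": m["chain"], "expected": expected,
            "out_if": m["outif"], "consistent": m["chain"] == expected}

if __name__ == "__main__":
    rows = parse_policy(POLICY)
    print(check(ACCEPT_LINE, rows, "nic", "dmz"))
    print(check(REJECT_LINE, rows, "nic", "net"))  # 'net' for eth2 is an assumption
```

With the nic entries above the catch-all, a packet classified as nic to net would be logged under `nic2net`; a log under `all2all` is consistent either with the catch-all sitting above those entries or with the packet's interfaces not mapping to the nic and net zones.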
