Hello!

I have this situation / interfaces:

Dsl0 - internet interface

Eth0 - local network

I have a Linux box with Shorewall 2.2. On the local network I also have a
hardware router. I have connected its WAN port with the settings of my Linux box and
then created one more local network behind the hardware router. It works fine.

I then wanted to use the VPN function of this hardware router, so I created
ACCEPT and DNAT rules in Shorewall so that all traffic is permitted from one
external IP to this internal IP of the hardware router.

Now I know that the connection works fine if I try to send packets from my
hardware router to the other side, but when the hardware router on the other
side responds, I get a REJECT error in Shorewall. I don't understand why
Shorewall is rejecting local traffic. This is the message:

Shorewall:all2all:REJECT:IN=eth0 OUT=
MAC=00:40:f4:b2:94:96:00:19:cb:2c:df:87:08:00 SRC=85.x.x.x DST=193.x.x.x
LEN=104 TOS=0x00 PREC=0x00 TTL=245 ID=36536 PROTO=UDP SPT=500 DPT=500 LEN=84

There are external IPs logged on the internal network. I don't get it.

I have ACCEPT rules for all ports and for tcp, udp, ah and esp from NET:IP to FW
and from NET:IP to LOC.

A DNAT rule is created for NET:IP to LOC:IP for all ports and all protocols.

Thanks for your hints and suggestions.

Scorpy
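As an added illustration (my own code, not from the original post or from Shorewall): a small parser for the Shorewall/netfilter log format quoted above, which pulls out the chain, action, interfaces and ports and returns the checks a reader would run on such a REJECT line. The sample line is constructed from the one in the post, with the same masked addresses.

```python
import re
from dataclasses import dataclass, field

# Constructed sample, modelled on the REJECT message quoted in the post
# (public addresses masked as in the original).
SAMPLE_LOG = (
    "Shorewall:all2all:REJECT:IN=eth0 OUT= "
    "MAC=00:40:f4:b2:94:96:00:19:cb:2c:df:87:08:00 SRC=85.x.x.x DST=193.x.x.x "
    "LEN=104 TOS=0x00 PREC=0x00 TTL=245 ID=36536 PROTO=UDP SPT=500 DPT=500 LEN=84"
)
PREFIX = re.compile(r"^Shorewall:(?P<chain>[^:]+):(?P<action>[^:]+):(?P<rest>.*)$")
KV = re.compile(r"(\w+)=(\S*)")
IKE_PORTS = {"500", "4500"}  # ISAKMP/IKE and IKE NAT-T

@dataclass
class ShorewallEvent:
    chain: str
    action: str
    fields: dict = field(default_factory=dict)

def parse_shorewall_line(line: str) -> ShorewallEvent:
    """Split the 'Shorewall:<chain>:<action>:' prefix and the netfilter key=value pairs."""
    m = PREFIX.match(line.strip())
    if not m:
        raise ValueError("not a Shorewall log line")
    fields = {}
    for key, value in KV.findall(m.group("rest")):
        # netfilter logs LEN twice for UDP: IP total length first, then UDP length.
        if key == "LEN" and "LEN" in fields:
            key = "LEN_L4"
        fields[key] = value
    return ShorewallEvent(m.group("chain"), m.group("action"), fields)

def is_ike(ev: ShorewallEvent) -> bool:
    """True when the logged packet is IKE/ISAKMP (UDP 500 or 4500 on either end)."""
    f = ev.fields
    return f.get("PROTO") == "UDP" and bool(IKE_PORTS & {f.get("SPT"), f.get("DPT")})

def describe(ev: ShorewallEvent) -> list:
    """Observations to check before changing rules; returned rather than printed."""
    f, notes = ev.fields, []
    if ev.chain == "all2all":
        notes.append("all2all is the catch-all policy chain: no ACCEPT or DNAT rule matched")
    if f.get("IN") and not f.get("OUT"):
        notes.append(f"OUT is empty: packet is on the INPUT path, addressed to the firewall via {f['IN']}")
    if is_ike(ev):
        notes.append("IKE packet: rules must cover the reply direction and the zone it really arrives from")
    return notes
```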

Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users