All my addresses for this problem are public addresses. For discussion we will use 65.65.65.0/29 as the network mask for Interface Int.
My gateway's address is 65.65.65.1. There are two internal firewalls on this network, 65.65.56.2 and 65.65.65.3; both have their default route set to 65.65.65.1. Both internal firewalls can get out on the net and can access the gateway. Neither can access the other. What the gateway needs to do is respond with ICMP redirect messages for any datagram it receives from one internal firewall for the other (or any of the address ranges behind each firewall). What do I do to get ICMP redirects working? Here are my files:

zones:
fw   firewall
Int  ipv4   #
Ext  ipv4   #

policy:
all  fw   DROP    info
fw   all  DROP    info
Int  Ext  ACCEPT
Ext  Int  ACCEPT

rules:
ACCEPT  all  all  icmp
ACCEPT  all  fw   tcp  724
ACCEPT  all  fw   tcp  10000
ACCEPT  Int  fw   tcp  5902:5903
ACCEPT  Ext  fw   tcp  5902:5903

I would think that the first rule would allow for ICMP redirects. BTW, I do NOT want to run an internal routing protocol on this net; static routes have always worked in the past (my SpeedStream did the redirects when it functioned as the gateway).
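As an added example (not part of the original post, and not Shorewall's own code), the POSIX shell script below models the conditions under which a Linux gateway such as the one described emits an ICMP redirect for a packet it forwards, and can read the live sysctls on the gateway it runs on. The interface name eth0 is an assumption; the post only calls the interface Int.

```shell
#!/bin/sh
# Added example: not from the original post and not part of Shorewall.
# Models when a Linux gateway sends an ICMP redirect for a packet it
# forwards, and optionally reads the relevant sysctls on the host it runs on.
# "eth0" is an assumed name for the Int interface; the post does not name it.
#
# The kernel forwarding path emits a redirect only when all of these hold:
#   1. the packet goes back out through the interface it came in on;
#   2. send_redirects is 1 for "all" OR for that interface (the kernel ORs
#      the two, so conf.all=1 is enough even if the per-interface value is 0);
#   3. the sender's address is on the same subnet, on that interface, as the
#      next hop it is being redirected to (true for the shared /29 in the post);
#   4. the packet carries no source-route option and is not IPsec-transformed.
# The redirect is decided before the FORWARD hook runs, so FORWARD rules do
# not suppress it, but the ICMP itself leaves through OUTPUT: the firewall
# zone must be allowed to send ICMP to Int. Redirects are also rate-limited
# per destination; after a burst of ignored ones the kernel goes quiet a while.

# will_redirect IN_IF OUT_IF ALL_SEND IF_SEND SRC_ONLINK [SRR]
# Prints "yes" or "no (reason)"; exit status 0 means a redirect is sent.
will_redirect() {
    in_if=$1 out_if=$2 all_send=$3 if_send=$4 src_onlink=$5 srr=${6:-0}
    reason=""
    [ "$in_if" = "$out_if" ] || reason="egress $out_if differs from ingress $in_if"
    [ "$all_send" = 1 ] || [ "$if_send" = 1 ] || \
        reason="${reason:-send_redirects is 0 on both all and $in_if}"
    [ "$src_onlink" = 1 ] || reason="${reason:-sender not on-link with next hop}"
    [ "$srr" = 0 ] || reason="${reason:-packet is source-routed}"
    if [ -n "$reason" ]; then
        echo "no ($reason)"
        return 1
    fi
    echo yes
}

# sysctl_value KEY: read a sysctl via /proc so no sysctl(8) binary is needed.
# Prints 0 when the key does not exist (non-Linux host, unknown interface).
# Interface names containing dots (eth0.100) need sysctl(8) instead.
sysctl_value() {
    f="/proc/sys/$(printf '%s' "$1" | tr . /)"
    if [ -r "$f" ]; then cat "$f"; else echo 0; fi
}

# live_check IFACE: evaluate the gateway this runs on for traffic that
# arrives on IFACE and is routed back out IFACE, as between the two internal
# firewalls in the post. SRC_ONLINK is 1 because they share one /29.
live_check() {
    iface=$1
    fwd=$(sysctl_value net.ipv4.ip_forward)
    all_send=$(sysctl_value net.ipv4.conf.all.send_redirects)
    if_send=$(sysctl_value "net.ipv4.conf.$iface.send_redirects")
    echo "ip_forward=$fwd all.send_redirects=$all_send $iface.send_redirects=$if_send"
    [ "$fwd" = 1 ] || echo "ip_forward is 0: nothing is forwarded, so nothing is redirected"
    will_redirect "$iface" "$iface" "$all_send" "$if_send" 1
}

# Constructed cases (values chosen to illustrate, not read from any host):
will_redirect eth0 eth0 1 0 1 || :   # yes: conf.all covers eth0
will_redirect eth0 eth0 0 0 1 || :   # no: send_redirects off everywhere
will_redirect eth0 eth1 1 1 1 || :   # no: the Int -> Ext path never redirects

# With an interface name on the command line, report this host's settings.
if [ $# -ge 1 ]; then
    live_check "$1" || :
fi
```

Run it on the gateway as `sh redirects.sh eth0` (substituting the real Int interface). Two things decide the outcome beyond the gateway's own send_redirects: the internal firewalls must accept redirects (net.ipv4.conf.<if>.accept_redirects=1 on their Int-facing interface; with the default secure_redirects=1 they only honour redirects from a gateway in their routing table, which 65.65.65.1 is), and hardened firewall builds commonly set accept_redirects=0 on purpose, because anyone on the shared segment can forge a redirect and pull traffic through themselves. If the gateway has log_martians enabled and its kernel log shows "host ... ignores redirects for ... to ...", the sending side is working and the receiving firewall is discarding them.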
