Hello, I just noticed something I wasn't aware of while building up a wireless access point:

I have a FW system with 3 interfaces:

  10.0.0.1/8       : local lan (eth0/loc)
  192.168.0.254/24 : lan to the ISP router (eth1/net)
  192.168.2.1/24   : DMZ (eth2/dmz)

Excerpt of the rules file:

  Ping/ACCEPT   loc   $FW
  Ping/ACCEPT   dmz   $FW

Excerpt of the policy file:

  net   all   DROP    info
  loc   net   ACCEPT
  all   all   REJECT  info

So I noticed I can always "reach" all the FW interfaces from LOC and DMZ, i.e.:

  - from a host in DMZ: ping 192.168.0.254 is OK, and ping 10.0.0.1 is OK
  - from a host in LOC: ping 192.168.0.254 is OK, and ping 192.168.2.1 is OK

Is it normal? I tried changing $FW to $FW:192.168.2.1 (and similar), but it didn't seem to have the effect I want.

Another thing: I read somewhere I had to allow ICMP for fragmentation messages, et al. Could anyone point me to a documentation resource explaining why and what I should enable?

Thanks in advance.

-- 
Nicolas Pillot ([EMAIL PROTECTED])

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
