Thank you so much... Awesome, that worked like a champ. All I
did was add routeback to my "shorewall-interfaces", eth0 & vpn
interface. But on your next part, which is FAQ 17: I have the file
   "/usr/share/shorewall/rfc1918" but
    RFC1918_STRICT=No is set in my shorewall.conf

  So the question is, should I still remove that file?

Thank you
Chakri



Shorewall Guy wrote:
> Chakravarthy Girda wrote:
>> I have been using Shorewall for a long time.
>>
>>      Currently I am testing shorewall-4.2.5-1. Here is my issue:
>>
>>         LOC=172.10.1.0
>>
>> VPN1=192.10.1.0  VPN2=192.10.2.0  (VPN Interfaces)
>>
>>      I can talk between LOC -> VPN back and forth, but I cannot talk between
>> VPN1 <-> VPN2 (getting rejections on the main firewall).
> 
> Shorewall FAQ 17 is your friend.
> 
>>
>> #shorewall-policy
>> ###############################################################################
>> #SOURCE         DEST            POLICY          LOG             LIMIT:BURST
>>
>> loc             net             ACCEPT
>> loc             $FW             ACCEPT
>>
>> loc             vpn             ACCEPT
>> vpn             loc             ACCEPT
>>
>> $FW             net             ACCEPT
>> vpn             $FW             ACCEPT
>>
>> all             all             REJECT          info
>>
>> #shorewall-interfaces
>> ###############################################################################
>> #ZONE   INTERFACE       BROADCAST       OPTIONS
>> net      eth1         detect
>> net      eth4         detect
>> loc      eth0         detect
>> vpn      tun+         detect
> 
> You are missing the 'routeback' option on the last entry.
> 
> ------------------------------------------------------------------------------
> This SF.net email is sponsored by:
> SourcForge Community
> SourceForge wants to tell your story.
> http://p.sf.net/sfu/sf-spreadtheword
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
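
The fix discussed in this thread, as an added example that is not part of the original messages and not Shorewall's own code: a small check that reads an interfaces file in the four-column layout quoted above and reports wildcard entries (such as `tun+`) that lack `routeback`, which is the condition that caused the VPN1 <-> VPN2 rejections. The function names and the sample text are assumptions made for illustration.

```python
# Added example: lint a Shorewall interfaces file (ZONE INTERFACE BROADCAST OPTIONS)
# for wildcard entries without 'routeback'. Sample input is constructed from the
# listing quoted in the thread.
SAMPLE_BEFORE = """\
#ZONE   INTERFACE       BROADCAST       OPTIONS
net      eth1         detect
net      eth4         detect
loc      eth0         detect
vpn      tun+         detect
"""

# Same file with the option the reply recommends on the last entry.
SAMPLE_AFTER = SAMPLE_BEFORE.replace(
    "vpn      tun+         detect", "vpn      tun+         detect     routeback"
)


def parse_interfaces(text):
    """Return a list of (zone, interface, options) for each entry line."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # malformed line, nothing to check
        # OPTIONS is the fourth column; '-' or absence means no options.
        opts = fields[3] if len(fields) > 3 else "-"
        options = set() if opts == "-" else set(opts.split(","))
        entries.append((fields[0], fields[1], options))
    return entries


def wildcards_missing_routeback(text):
    """Wildcard entries (name ending in '+') match several devices, e.g. tun0
    and tun1. Traffic between them enters and leaves through the same entry,
    so it is only allowed when 'routeback' is set on that entry."""
    return [
        (zone, iface)
        for zone, iface, options in parse_interfaces(text)
        if iface.endswith("+") and not ({"routeback", "routeback=1"} & options)
    ]


if __name__ == "__main__":
    for zone, iface in wildcards_missing_routeback(SAMPLE_BEFORE):
        print(f"zone {zone}: {iface} has no routeback")
```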

