I think I happened upon a similar problem last night that this explanation solved for me :)
I had a loc zone on the vlan2 interface that had access to my net zone. I added the vlan3 interface and put it in a wifi zone, and put what I needed into interfaces, zone, masq, rules, etc. I could get traffic between local zones but could not get net access for some reason. It never occurred to me that I had to add something to providers to give the new interface/zone net access. Having never seen an example that listed more than one interface in the COPY field I thought the one I had set up initially was all I ever needed. Sure enough, as soon as I added vlan3 to the COPY field things started working exactly as I thought they should. Just to make sure I have not done something foolish (as I often do), would a good explanation of the COPY field for most users be that it should contain a list of the interfaces that you would like to give internet access to? Brad C On Thu, Mar 5, 2009 at 3:05 AM, Christian Vieser <[email protected]> wrote: > Hi Tal, > > I can only give a hint to your point 1: > > 1. Communicate between VLANxx to LAN & outside. >> >> providers: >> >> bzq1 1 1 main ppp0 - track,balance vlan10 >> bzq2 2 2 main ppp1 - track,balance vlan20 >> zhav1 3 3 main ppp2 - track,balance vlan30 >> netv1 4 4 main ppp3 - track,balance vlan100 > > Your providers file is missing the other interfaces in the COPY option. > So no routing roules are created for them. > > bzq1 1 1 main ppp0 - track,balance > eth9,vlan10,vlan20,vlan30,vlan100 > bzq2 2 2 main ppp1 - track,balance > eth9,vlan10,vlan20,vlan30,vlan100 > zhav1 3 3 main ppp2 - track,balance > eth9,vlan10,vlan20,vlan30,vlan100 > netv1 4 4 main ppp3 - track,balance > eth9,vlan10,vlan20,vlan30,vlan100 > > And why four different zones for net? In most cases all interfaces to > providers should be in a common "net" zone. > > # NET > net0 ipv4 > net1 ipv4 > net2 ipv4 > net3 ipv4 > > To give you further hints, we should know more about your system, for > example routing roules. Please follow the guidelines at > http://www.shorewall.net/support.htm#Guidelines . > > Regards, > > Christian > > > ------------------------------------------------------------------------------ > Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA > -OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise > -Strategies to boost innovation and cut costs with open source participation > -Receive a $600 discount off the registration fee with the source code: SFAD > http://p.sf.net/sfu/XcvMzF8H > _______________________________________________ > Shorewall-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/shorewall-users > ------------------------------------------------------------------------------ Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA -OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise -Strategies to boost innovation and cut costs with open source participation -Receive a $600 discount off the registration fee with the source code: SFAD http://p.sf.net/sfu/XcvMzF8H _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
