Hi list,

I've been struggling with this problem for a long time; hopefully someone can explain to me what I'm doing wrong:

I have a shorewall installation with

interfaces
    net eth0
    -   eth1

hosts
    loc 10.0.10.0/24
    loc 10.0.20.0/24
    + some other zones and subnets

There are aliases on eth1 for gateways for the two loc subnets:
    eth1:1 10.0.10.1
    eth1:2 10.0.20.1

Everything works fine, loc zone can go to the net, net can go to the loc zone.
The problem is that hosts from one subnet in the loc zone cannot access other loc hosts from the second subnet. For example, 10.0.10.100 can neither ping nor access 10.0.20.100. Pinging from 10.0.10.100 to 10.0.10.200 obviously works, as it does not go through shorewall.
I'm able to work around this by defining another loc1 zone and putting 10.0.20.0 into loc1, then defining policy and rules between loc and loc1.
What I'm in fact trying to do is to do 'routeback' on an interface with multiple zones and multiple subnets. How to do it? Note that defining a new zone for each new subnet is possible, but does not scale very well once the number of subnets increases.
I want to add multiple subnets to the same zone because all hosts from these subnets actually fall under the same rules, they can talk to each other, they are equal. They only need to be in separate subnets because of their geographical location.
Thanks for any hints and help, feel free to ask if you need more information,
Martin (very happy shorewall user)...
