Hi again,

for the list archives I'm replying to myself. I got confused that the 'routeback' option cannot be specified within the interfaces file for multi-zone interfaces, but I had not realized that 'routeback' can be specified in the hosts file. Adding the option to /etc/shorewall/hosts solved my problem...

thanx,
Martin

On May 15, 2009, at 18:11, Martin Man wrote:

Hi list,

I've been struggling with this problem for a long time, hopefully someone can explain to me what I'm doing wrong:

I have a shorewall installation with

interfaces
  net eth0
  -   eth1

hosts
  loc 10.0.10.0/24
  loc 10.0.20.0/24
  + some other zones and subnets

there are aliases on eth1 for gateways for the two loc subnets

  eth1:1 10.0.10.1
  eth1:2 10.0.20.1

Everything works fine, loc zone can go to the net, net can go to the loc zone.

The problem is that hosts from one subnet in loc zone cannot access other loc hosts from the second subnet. For example 10.0.10.100 can neither ping nor access 10.0.20.100. Pinging from 10.0.10.100 to 10.0.10.200 obviously works as it does not go through shorewall.

I'm able to work around this by defining another loc1 zone and putting 10.0.20.0 into loc1, then defining policy and rules between loc and loc1.

What I'm in fact trying to do is to do 'routeback' on an interface with multiple zones and multiple subnets. How to do it? Note that defining a new zone for each new subnet is possible, but does not scale very well once the number of subnets increases.

I want to add multiple subnets to the same zone because all hosts from these subnets actually fall under the same rules, they can talk to each other, they are equal. They only need to be in separate subnets because of their geographical location.

thanx for any hints and help, feel free to ask if you need more information,

Martin (very happy shorewall user)...
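The fix described in the reply, written out as an added example (not Martin's actual files): the two loc subnets on eth1 with 'routeback' set in /etc/shorewall/hosts instead of in the interfaces file. The subnets and interface names come from the post; the 'detect' broadcast value and the single comma-separated host list are assumptions.

```conf
# /etc/shorewall/interfaces
# eth1 carries more than one zone, so its ZONE column is "-" and the
# zones on it are defined by subnet in /etc/shorewall/hosts.
# ('detect' in the BROADCAST column is an assumption.)
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect
-       eth1        detect

# /etc/shorewall/hosts
# Before (as in the original post): no options on the loc entries, and
# hosts in 10.0.10.0/24 could not reach hosts in 10.0.20.0/24.
#ZONE   HOST(S)                          OPTIONS
#loc    eth1:10.0.10.0/24
#loc    eth1:10.0.20.0/24

# After: routeback on the loc host group, so traffic that arrives on
# eth1 from one loc subnet may be routed back out eth1 to the other.
# (Combining both subnets into one entry is an assumption; the post
# only says the option was added to this file.)
#ZONE   HOST(S)                          OPTIONS
loc     eth1:10.0.10.0/24,10.0.20.0/24   routeback
```

Running `shorewall check` before `shorewall restart` validates the edited files before they are applied.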
