I'm trying to make connections from over an ipsec vpn to some local machines in a zone other than loc and they're getting dropped by vpn2net. In this example I'm trying an ssh connection from 10.88.2.1 (vpn zone) to 10.99.5.5 (iscsi zone) but it's getting dropped in vpn2net instead of vpn2iscsi:

Aug 25 17:39:08 it-router kernel: [406408.700612] Shorewall:vpn2net:REJECT:IN=eth3 OUT=eth3 SRC=10.88.2.1 DST=10.99.5.5 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=20099 DF PROTO=TCP SPT=49662 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0

When I try things in the loc zone it gets dropped by vpn2loc as expected:

Aug 25 17:49:52 it-router kernel: [407052.372877] Shorewall:vpn2loc:REJECT:IN=eth3 OUT=vlan4 SRC=10.88.2.1 DST=10.99.4.99 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=52304 SEQ=3 MARK=0x1

My vpn zone was last in my zones file, right after the net zone. I tried moving it above the net zone but it didn't seem to make any difference. Dump of the failed ssh connection attempt attached. Any help would be appreciated.

Brad C
status.txt.gz
Description: GNU Zip compressed data
