From:   Tom Eastep <[email protected].>
Date:   Mon, 27 Dec 2010 09:49:29 -0800
> My sincere apologies.

No offense but I was puzzled.

> I missed the LOC+.

That's Loc+ for all interfaces in the loc zone.  Pascal style spelling.
I described this interface naming scheme a month or two back in response 
to interest from another list participant.  Not sure whether this problem 
is strictly since that change.  Perhaps it won't work after all.

OK, this in the interfaces manual is pertinent.
"routeback ... This option is also required when you have used a 
wildcard in the INTERFACE column if you want to allow traffic 
between the interfaces that match the wildcard."

routeback added.

joule:/etc/shorewall# egrep -v '(^ *#)|(^ *$)' interfaces
net  MainBoard  detect  dhcp,tcpflags,routefilter,nosmurfs,logmartians
loc  Loc+       detect  tcpflags,nosmurfs,routeback
vpn  tun0

After 'shorewall restart' the addresses still don't show.
joule:/etc/shorewall# shorewall show zones
Shorewall 4.4.11.6 Zones at joule - Mon Dec 27 03:17:16 PST 2010

fw (firewall)
net (ipv4)
   MainBoard:0.0.0.0/0
loc (ipv4)
   Loc+:0.0.0.0/0
vpn (ipv4)
   tun0:0.0.0.0/0

Naming the interfaces explicitly is no improvement.
joule:/etc/shorewall# egrep -v '(^ *#)|(^ *$)' interfaces
net    MainBoard       detect     dhcp,tcpflags,routefilter,nosmurfs,logmartians
loc    LocPCI1         detect     tcpflags,nosmurfs,routeback
loc    LocACS29H901847 detect     tcpflags,nosmurfs,routeback
vpn     tun0

joule:/etc/shorewall# shorewall restart 
  ...
joule:/etc/shorewall# shorewall show zones
Shorewall 4.4.11.6 Zones at joule - Mon Dec 27 04:05:01 PST 2010

fw (firewall)
net (ipv4)
   MainBoard:0.0.0.0/0
loc (ipv4)
   LocACS29H901847:0.0.0.0/0
   LocPCI1:0.0.0.0/0
vpn (ipv4)
   tun0:0.0.0.0/0

My interface names are unconventional for Linux but apparently 
acceptable to udev and ifconfig.  Shorewall does not recognize 
them?  If all else fails I can try reverting to the good old 
ethn interface names.

Thanks,         ... Peter E.


-- 
Telephone 1 360 450 2132.
Shop pages http://carnot.yi.org/ accessible as long as the old drives survive.
Personal pages http://members.shaw.ca/peasthope/ .
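
The manual passage quoted in the message above says a wildcard entry needs routeback before traffic can pass between the interfaces it matches. The check below is an added example, not part of the original message or of Shorewall: it lists wildcard entries in an interfaces file that lack that option. It assumes the four-column layout seen in the post (ZONE INTERFACE BROADCAST OPTIONS); the function names and the sample file, including its dmz line, are constructed.

```sh
#!/bin/sh
# Added example: report wildcard interfaces (name ends in "+") that lack
# the routeback option. Assumed layout: ZONE INTERFACE BROADCAST OPTIONS.

wildcards_without_routeback() {
    # $1 = path to a Shorewall interfaces file
    awk '
        /^[ \t]*#/ { next }                 # whole-line comment
        {
            sub(/[ \t]*#.*$/, "")           # drop a trailing comment
            if (NF < 2) next                # blank or incomplete line
            zone = $1; iface = $2
            opts = (NF >= 4) ? $4 : ""      # OPTIONS column may be absent
            if (iface !~ /\+$/) next        # only wildcard entries matter
            n = split(opts, o, ",")
            found = 0
            for (i = 1; i <= n; i++)
                if (o[i] == "routeback") found = 1   # spelled as in the post
            if (!found) print zone, iface
        }
    ' "$1"
}

demo() {
    # Constructed sample input, modelled on the listing in the post.
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
# constructed sample
net  MainBoard  detect  dhcp,tcpflags,routefilter,nosmurfs,logmartians
loc  Loc+       detect  tcpflags,nosmurfs
dmz  Dmz+       detect  tcpflags,routeback   # wildcard with routeback
vpn  tun0
EOF
    wildcards_without_routeback "$tmp"
    rm -f "$tmp"
}

demo
```

On a live system the function would be pointed at /etc/shorewall/interfaces; an empty result means every wildcard entry already carries routeback.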

