PLEASE STOP TOP-POSTING! On 3/8/11 2:03 PM, Gianluca Varenni wrote: > I tried adding eth0 to the local zone and the following masq file: > > #INTERFACE SUBNET ADDRESS PROTO PORT(S) > IPSEC > eth0:10.0.0.0/8 192.168.77.0/24 10.17.48.2 > eth2 192.168.77.0/24 173.166.226.234 > > but it didn't work. I was trying to ping from 192.168.77.110 to 10.17.48.1, > and what I was seeing on eth0 was non-masquerated packets. >
Then there is something in your configuration that you are not telling us. > Could it be because I'm trying to SNAT between two RFC1918 networks? No. Please include the output of 'shorewall dump' collected as described at http://www.shorewall.net/support.htm#Guidelines. Thanks, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ What You Don't Know About Data Connectivity CAN Hurt You This paper provides an overview of data connectivity, details its effect on application quality, and explores various alternative solutions. http://p.sf.net/sfu/progress-d2d
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
