On Tue, 2011-07-26 at 13:59 +0200, Tiemen Ruiten wrote:
> I've got a problem routing traffic through a shorewall firewall server:
> I want to connect two networks, the internal 10.0.0.0/8 of my VPS's at a
> datacenter and my home 192.168.1.0/24 LAN.
>
> I've setup a point-to-point (10.42.1.1 <-> 10.42.1.2) OpenVPN connection
> between my router at home and the shorewall firewall server that should
> act as a gateway for the zone the other VPS is in. I can ping the gw-VPS
> on the OpenVPN endpoint and the local 10.0.0.200 interface, I can even
> ping any host on my home LAN, however I can't connect to the other VPS
> (with address 10.0.1.75).
>
> I've attached the output of shorewall dump. Any thoughts? Thanks in advance.
>

You have defined your dmz network to be enormous:

3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    inet 10.0.0.200/8 brd 10.255.255.255 scope global eth1

If 10.0.1.75 has the same VLSM (e.g., its NIC has address 10.0.1.75/8),
then that host thinks that 10.42.1.2 is on its own LAN and has no idea
that 10.42.1.2 must be routed via 10.0.0.200. So you either must add a
route to 10.42.1.2 via 10.0.0.200 to the VPS's routing table, or you
must come up with a more reasonable IP configuration for your DMZ LAN.
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
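
The routing decision described in the reply above, as an added example that is not part of the original thread: a small longest-prefix-match model of the VPS's routing table, showing why 10.42.1.2 is treated as on-link under a /8 and how either fix changes the result. The `/16` prefix and the default route via 10.0.0.200 are assumptions chosen for illustration; the thread does not give the VPS's actual configuration.

```python
import ipaddress


def build_table(iface_cidr, static_routes=()):
    """Return [(network, gateway)]; gateway None means directly connected."""
    iface = ipaddress.ip_interface(iface_cidr)
    table = [(iface.network, None)]  # connected route created by the address
    for dest, gw in static_routes:
        table.append((ipaddress.ip_network(dest), ipaddress.ip_address(gw)))
    return table


def lookup(table, dst):
    """Longest-prefix match: 'on-link', 'via <gw>' or 'unreachable'."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, gw) for net, gw in table if dst in net]
    if not matches:
        return "unreachable"
    _, gw = max(matches, key=lambda m: m[0].prefixlen)
    return "on-link" if gw is None else f"via {gw}"


def scenarios(vpn_peer="10.42.1.2", firewall="10.0.0.200"):
    """Evaluate the VPN peer address against three VPS configurations."""
    # As described in the reply: VPS at 10.0.1.75/8, no extra routes.
    as_is = build_table("10.0.1.75/8")
    # Fix 1 from the reply: host route to the VPN peer via the firewall.
    host_route = build_table("10.0.1.75/8", [(f"{vpn_peer}/32", firewall)])
    # Fix 2 from the reply: a narrower DMZ prefix. The /16 and the default
    # route via the firewall are assumptions, not values from the thread.
    narrower = build_table("10.0.1.75/16", [("0.0.0.0/0", firewall)])
    return {
        "as_is": lookup(as_is, vpn_peer),
        "host_route": lookup(host_route, vpn_peer),
        "narrower_prefix": lookup(narrower, vpn_peer),
        "firewall_still_on_link": lookup(narrower, firewall),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:24} {result}")
```

In the `as_is` case the VPS would ARP for 10.42.1.2 on its own segment instead of handing the reply to 10.0.0.200, which matches the symptom in the original question.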
