On Jan 15, 2012, at 12:37 PM, Erik Mundall wrote:
> ... "The successor to 'norfc1918' is NULL_ROUTE_RFC1918=Yes in
> shorewall.conf."
>
> I have tried that, and the only pings I get back are from the 10.0.0.0
> subnet. I get the following response after trying to ping a known printer on
> my network that would otherwise have been accessible:
>
> ping 192.168.3.142
> connect: Network is unreachable

192.168.3.142 is reached using the default gateway. So unless you use your
distribution's IP configuration tools to create a specific route to that host
via the default gateway, then NULL_ROUTE_RFC1918=Yes will drop packets to/from
that host.

Erik, you can't have it both ways. You know that 192.168.3.142 is an RFC 1918
host that is of interest to you, but nothing in the configuration reflects that
knowledge (or you can add an entry to /etc/shorewall/routes). On the other
hand, there is a route to 10.0.0.0/24, so that network is exempted from being
excluded by NULL_ROUTE_RFC1918=Yes.

-Tom
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
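
An added illustration, not part of the message above or of Shorewall's own code, of why the ping fails and what a host route changes. It assumes NULL_ROUTE_RFC1918=Yes behaves like unreachable routes for the three RFC 1918 blocks in the main table; the gateway 10.0.0.1 and the interface eth0 are constructed sample values.

```python
import ipaddress

# RFC 1918 blocks. Assumption: NULL_ROUTE_RFC1918=Yes is modelled here as
# one "unreachable" route per block.
RFC1918 = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]

def build_table(routes, null_route_rfc1918):
    """Return [(network, action)] from (prefix, action) pairs."""
    table = [(ipaddress.ip_network(p), via) for p, via in routes]
    if null_route_rfc1918:
        table += [(ipaddress.ip_network(p), "unreachable") for p in RFC1918]
    return table

def lookup(table, dest):
    """Longest-prefix match: the most specific route containing dest wins."""
    addr = ipaddress.ip_address(dest)
    matches = [(net, via) for net, via in table if addr in net]
    if not matches:
        return "unreachable"
    return max(matches, key=lambda m: m[0].prefixlen)[1]

# Constructed routing table matching the situation in the thread: a default
# gateway plus a connected route to 10.0.0.0/24, nothing for 192.168.x.x.
DEFAULT_GW = "via 10.0.0.1 dev eth0"
CONNECTED = "dev eth0"
ROUTES = [("0.0.0.0/0", DEFAULT_GW), ("10.0.0.0/24", CONNECTED)]

# The remedy described in the reply: a specific route to the printer via the
# default gateway (/32 is more specific than 192.168.0.0/16).
ROUTES_WITH_HOST = ROUTES + [("192.168.3.142/32", DEFAULT_GW)]

if __name__ == "__main__":
    cases = [
        ("option off", build_table(ROUTES, False)),
        ("option on", build_table(ROUTES, True)),
        ("option on + host route", build_table(ROUTES_WITH_HOST, True)),
    ]
    for label, table in cases:
        for dest in ("10.0.0.50", "10.1.2.3", "192.168.3.142"):
            print(f"{label:24} {dest:15} -> {lookup(table, dest)}")
```

The 192.168.0.0/16 null route is more specific than the default route, so it captures the printer's address until a longer prefix for that host or its network exists.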