I'm setting up Shorewall (4.4.26.1), and have been trying to figure out
routing between two LAN segments now for a few days. It's time to ask for
help.
I have three NICs: WAN (Internet), LAN1 (primary LAN), and LAN2 (link to a
"legacy" LAN). WAN-to-LAN is working inbound through NAT, and outbound
through DNAT (set in masq). LAN2 should not (and currently does not) have
access to the Internet through this Shorewall instance (it has its own
route to the Internet), and it should not be able to access LAN1, but it
should be accessible from LAN1.
I'm currently able to get to LAN2 from the Shorewall server, but not from
the other servers in LAN1 (which is the problem). The necessary rules are
in place, but apparently routing isn't working. If I disable the firewall
access rules, I get immediate "connection refused" when attempting to
connect to a server in LAN2 from a server in LAN1. When firewall access
rules are enabled, SSH simply hangs and traceroute doesn't go beyond the
firewall. LAN1 (primary) is in the 172.0.0.0 address space and LAN2
(legacy) is in the 10.0.0.0 address space.
I currently have:
$LAN2_IF 10.0.0.0/24
.. in masq, but that's not working ($LAN2_IF resolves to eth2 which is the
LAN2 interface).
My question is: What is the simplest Shorewall configuration to forward
traffic between two differently addressed LAN segments that are connected
to separate NICs? A pointer to documentation or other reference would
help, a bare-bones config example would be even better. I've been sifting
through the Shorewall documentation on routing, but haven't yet found a
matching description (for instance, I would rather not have to bridge the
LAN1 and LAN2 interfaces if it can be avoided since they need to remain
separated: LAN2 should not have access either to the Internet or LAN1).
This is my first Shorewall setup, so the solution may be really obvious.
Thanks for any advice!
Ville
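
A bare-bones layout for the topology described in the post above, as an added example that is not part of the original message or of the Shorewall documentation. The zone names and the params variables `$WAN_IF`, `$LAN1_IF` and `$LAN1_NET` are assumptions (hypothetical names); only `$LAN2_IF` (eth2) and `10.0.0.0/24` come from the post. The last masq entry assumes LAN2 hosts have no route back to the LAN1 network through this firewall, which the post does not state.

```conf
# /etc/shorewall/shorewall.conf (excerpt)
# Forwarding between interfaces must be enabled; no bridging is involved.
IP_FORWARDING=On

# /etc/shorewall/zones
#ZONE   TYPE
fw      firewall
net     ipv4
lan1    ipv4
lan2    ipv4

# /etc/shorewall/interfaces
# $WAN_IF and $LAN1_IF are hypothetical params variables; $LAN2_IF is eth2.
#ZONE   INTERFACE   BROADCAST
net     $WAN_IF     detect
lan1    $LAN1_IF    detect
lan2    $LAN2_IF    detect

# /etc/shorewall/policy (first matching line wins)
#SOURCE DEST    POLICY  LOG
lan1    net     ACCEPT
lan1    lan2    ACCEPT          # LAN1 may open connections into LAN2
lan2    all     DROP    info    # LAN2 may not reach LAN1, the Internet or the firewall
$FW     all     ACCEPT          # assumption: the firewall itself may connect out
net     all     DROP    info
all     all     REJECT  info

# /etc/shorewall/masq
# Column 1 is the interface the packet LEAVES through; column 2 is the
# SOURCE network to rewrite. Set LAN1_NET in /etc/shorewall/params to
# LAN1's network in CIDR form (hypothetical variable name).
#INTERFACE  SOURCE
$WAN_IF     $LAN1_NET           # LAN1 -> Internet

# Entry as posted: it only matches packets leaving eth2 whose source is
# already 10.0.0.0/24, so traffic forwarded from LAN1 never matches it.
#$LAN2_IF   10.0.0.0/24

# LAN1 -> LAN2: LAN2 hosts see the firewall's eth2 address as the source
# and reply on their own segment (assumption: they lack a return route).
$LAN2_IF    $LAN1_NET
```

Replies from LAN2 to connections opened from LAN1 pass as established traffic, so the `lan2 all DROP` policy keeps the segments separated in the other direction. `shorewall check` validates the files before they are applied.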