On 02/01/2013 09:12 AM, Ville Walveranta wrote:
> I'm setting up Shorewall (4.4.26.1), and have been trying to figure out
> routing between two LAN segments now for a few days. It's time to ask
> for help.
>
> I have three NICs: WAN (Internet), LAN1 (primary LAN), and LAN2 (link to
> a "legacy" LAN). WAN-to-LAN is working inbound through NAT, and
> outbound through DNAT (set in masq). LAN2 should not (and currently
> does not) have access to the Internet through this Shorewall instance
> (it has its own route to the Internet), and it should not be able to
> access LAN1, but it should be accessible from LAN1.
>
> I'm currently able to get to LAN2 from the Shorewall server, but not
> from the other servers in LAN1 (which is the problem). The necessary
> rules are in place, but apparently routing isn't working. If I disable
> the firewall access rules, I get immediate "connection refused" when
> attempting to connect to a server in LAN2 from a server in LAN1. When
> firewall access rules are enabled, SSH simply hangs and traceroute
> doesn't go beyond the firewall. LAN1 (primary) is in the 172.0.0.0
> address space and LAN2 (legacy) is in the 10.0.0.0 address space.
>
> I currently have:
>
> $LAN2_IF 10.0.0.0/24
>
> .. in masq, but that's not working ($LAN2_IF resolves to eth2 which is
> the LAN2 interface).
>

Before forwarding the dump output, try:

$LAN2_IF 0.0.0.0/0

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
