That's a good point... except that in this case, without the masq entry:
$LAN2_IF 172.16.0.0/24 10.0.0.253
.. routing doesn't work. Traceroute won't proceed beyond the shorewall box
from LAN1 servers without it.
In this case it doesn't really matter. LAN2 is a small "legacy" LAN and
the point of access to it simply provides an easy way to move data to the
servers in the new LAN as the old servers are retired.
However, it would be interesting to know (for future reference) why the
masq entry seems to be required in this case. LAN2's router/gateway is a
pfSense 2 instance.
Thanks again,
Ville
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users