Ville Walveranta wrote:
> That's a good point... except that in this case, without the masq entry:
> $LAN2_IF 172.16.0.0/24 10.0.0.253
> .. routing doesn't work. Traceroute won't proceed beyond the shorewall box
> from LAN1 servers without it.

Time to break out a packet sniffer (I tend to use tshark) and follow the packets.

Do the packets get through your Shorewall box?
Do they go out the right interface?
Do they get past any filters and make it to the wire?
Does the remote machine actually respond?
Where does it send its packets?
Do they reach your Shorewall box? (Does the pfsense machine need some rules as well as a route adding?)
Does your Shorewall box bring them back to your own network?
Do they make it out onto the wire?

If in doubt, sit down with a piece of paper, draw your network, and draw the route packets will (or should) take for the round trip. Then use a packet sniffer and follow that route - at some point you should find where the packets stop (or are headed the wrong way) and then you know where to look for the problem.
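Added example, not part of the original message: one way to apply the "follow the route" checklist above to tshark output captured on both firewall interfaces during a ping. The interface names (eth1, eth2), the addresses and the function names are assumptions made for illustration.

```python
"""Find where an ICMP echo round trip stops, from captures on the firewall.

Per interface, while pinging the remote host (output pasted below):
  tshark -n -i IFACE -f icmp -T fields -E separator=, -e ip.src -e ip.dst -e icmp.type
Interface names and addresses here are constructed for illustration.
"""
ECHO_REQUEST, ECHO_REPLY = 8, 0

def parse(text):
    """Turn 'src,dst,type' lines into (src, dst, icmp_type) tuples."""
    rows = (line.strip().split(",") for line in text.splitlines())
    return [(r[0], r[1], int(r[2])) for r in rows if len(r) == 3 and r[2].isdigit()]

def seen(packets, icmp_type, remote):
    """Is there a request to, or a reply from, the remote host?

    Only the remote address is matched: a masq/SNAT rule on the firewall
    may rewrite the local address between the two interfaces.
    """
    for src, dst, typ in packets:
        if typ == icmp_type and (dst if typ == ECHO_REQUEST else src) == remote:
            return True
    return False

def first_missing(captures, in_if, out_if, remote):
    """Walk the round trip in order; return the first checkpoint with no packet."""
    route = [
        (in_if, ECHO_REQUEST, "request arrives from the local network"),
        (out_if, ECHO_REQUEST, "request leaves towards the remote network"),
        (out_if, ECHO_REPLY, "reply comes back from the remote host"),
        (in_if, ECHO_REPLY, "reply is forwarded to the local network"),
    ]
    for iface, icmp_type, label in route:
        if not seen(parse(captures.get(iface, "")), icmp_type, remote):
            return f"{iface}: {label}"
    return None

# Constructed capture: requests leave eth2 unmodified, nothing comes back.
NO_REPLY = {"eth1": "192.0.2.10,198.51.100.5,8\n",
            "eth2": "192.0.2.10,198.51.100.5,8\n"}
# Constructed capture: full round trip, source rewritten on eth2.
MASQ_OK = {"eth1": "192.0.2.10,198.51.100.5,8\n198.51.100.5,192.0.2.10,0\n",
           "eth2": "203.0.113.1,198.51.100.5,8\n198.51.100.5,203.0.113.1,0\n"}

if __name__ == "__main__":
    print(first_missing(NO_REPLY, "eth1", "eth2", "198.51.100.5"))
    print(first_missing(MASQ_OK, "eth1", "eth2", "198.51.100.5"))
```

A result naming the outbound interface's reply checkpoint means the request reached the wire and the next place to capture is the remote side, where the return route or filtering can be checked.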
