On 2014-07-30 at 17:29, Tom Eastep wrote:
> On 7/30/2014 5:16 AM, Georg Bixa wrote:
>> >Hello! I have been using Shorewall for some years now, but I ran into trouble
>> >with the following multi-VLAN setup:
>> >
>> >The network had two VLANs (vlan21 and vlan22) which are masqueraded by
>> >the firewall to a public subnet. vlan22 was running fine, but packets on
>> >vlan21 did not get an answer.
>> >I set up another VLAN (vlan23) to test some parameters, but that shut
>> >vlan22 down. Now vlan23 is working but vlan21 and vlan22 are not.
>> >
>> >I did some tcpdump and found out that the packets are correctly
>> >masqueraded and sent out but the response is not forwarded with the
>> >following errors:
>> >
>> >Jul 30 12:26:33 viegw kernel: [99036.969653] Shorewall:FORWARD:REJECT:IN=ppp0 OUT=vlan21 MAC= SRC=85.25.182.38 DST=192.168.21.2 LEN=84 TOS=0x00 PREC=0x00 TTL=49 ID=31228 PROTO=ICMP TYPE=0 CODE=0 ID=2970 SEQ=55
>> >
>> >Jul 30 12:26:34 viegw kernel: [99037.160452] Shorewall:FORWARD:REJECT:IN=ppp0 OUT=vlan22 MAC= SRC=85.25.182.36 DST=192.168.22.2 LEN=84 TOS=0x00 PREC=0x00 TTL=50 ID=36303 PROTO=ICMP TYPE=0 CODE=0 ID=2964 SEQ=59
>> >
>> >I have checked routing and config files but did not come up with a
>> >solution for days.
>> >Any help would be much appreciated!
>> >(I have attached a shorewall dump.)
> What is the net->ene policy? It looks like NONE.
>
> -Tom

You are absolutely right! I thought this was covered by the "net all
DROP" policy, but setting it explicitly solved the problem.

Thank you very much! And best wishes from Austria!

Cheers, Georg

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
