Re: [Shorewall-users] Clients in subnet A cannot access clients in subnet B

Sun, 26 Jun 2016 12:41:02 -0700 

Hi Tom,

I checked configuration and reviewed rules.
For "Ping" and "ICMP" I can see these rules:
## Permit ping access
Ping(ACCEPT)    loc,fb          $FW
Ping(ACCEPT)    $FW             loc,fb

## Drop ping access from net
Ping(DROP)      net             all

## Permit ICMP access
ACCEPT          $FW             loc,fb                  icmp
ACCEPT          $FW             net                     icmp
ACCEPT          loc,fb          net                     icmp


I guess this ruleset is incomplete, right?
And do I need a new rule for Traceroute?


Thanks and regards
Thomas

Am 26.06.2016 um 18:05 schrieb Tom Eastep:
> On 06/26/2016 07:10 AM, Tom Eastep wrote:
> > On 06/26/2016 05:53 AM, Thomas Schneider wrote:
> >> Hello!
>
> >> Indeed I mean the default router for 192.168.178.0/24.
> >> http://up.picr.de/26014890cy.jpg
>
> >> This router is limited in regards to modifications. But I have
> >> configured a static route on this router. To enable ICMP
> >> redirects, do I need to create related rules in Shorewall
> >> allowing this traffic?
>
> > No -- this problem has *nothing* to do with Shorewall.
>
>
>
> If you can get the Fritzbox to start routing the subject packets (or
> get it to issue ICMP redirects), there looks like there is a problem
> with your Shorewall configuration with regards to traffic from the
> 'fb' zone to 10.0.0.0/24 network (vmbr0) - I don't see any ACCEPT
> rules for that traffic.
>
> -Tom
> >
------------------------------------------------------------------------------
> Attend Shape: An AT&T Tech Expo July 15-16. Meet us at AT&T Park in
San > Francisco, CA to explore cutting-edge tech and listen to tech
luminaries > present their vision of the future. This family event has
something for > everyone, including kids. Get more information and
register today. > http://sdm.link/attshape >
_______________________________________________ > Shorewall-users
mailing list > [email protected] >
https://lists.sourceforge.net/lists/listinfo/shorewall-users



------------------------------------------------------------------------------
Attend Shape: An AT&T Tech Expo July 15-16. Meet us at AT&T Park in San
Francisco, CA to explore cutting-edge tech and listen to tech luminaries
present their vision of the future. This family event has something for
everyone, including kids. Get more information and register today.
http://sdm.link/attshape
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to