On 12/19/2016 12:20 PM, Luis Felipe Dominguez Vega wrote:
> Hello, I am installing my network gateway on a Debian Linux OS. For
> now I don't have Internet. I have two routers connected to another
> place and I want my network to be routed to the other networks
> through the routers:
> 
> The IPs are examples
> 
> Router 1 (192.168.0.1) eth1 | --------------- GW (10.0.0.254)
> ------------- Net (10.0.0.0/24) eth0 | Router 2 (192.168.1.1) eth2
> 
> The firewall has 3 interfaces and I configured Shorewall; the only
> rule (to test that my routing is working well) permits the SNMP
> protocol for the router monitor. But when I execute "" from a machine
> on the network (10.0.0.1), I don't get any reply. When I use
> "tcpdump -i eth1 -vvv" to see if the packets arrive, it shows:
>
> ###############################################################################
> 07:33:50.491443 IP (tos 0x0, ttl 63, id 43036, offset 0, flags [DF], proto UDP (17), length 68)
>     10.0.0.1.49343 > 192.168.0.1.snmp: [udp sum ok]  { SNMPv2c { GetNextRequest(25) R=15012955   } }
> ###############################################################################
>
> When I execute the snmpwalk from $FW, it works well.
> 
> The configuration files are:
> 
> /etc/shorewall/interfaces
> ###########################################################################
> #ZONE           IFACE   BROADCAST       OPTIONS
> ------------------------------------------------------
> Local           eth0    detect          tcpflags,nosmurfs,routefilter
> R1              eth1    detect
> R2              eth2    detect          tcpflags,nosmurfs
> ############################################################################
>
> /etc/shorewall/zones
> ############################################################################
> #ZONE           TYPE            OPTIONS  IN             OUT
> #                                        OPTIONS        OPTIONS
> gw              firewall
> Local           ipv4
> R1              ipv4
> R2              ipv4
> #############################################################################
>
> /etc/shorewall/policy
> #############################################################################
> #SOURCE         DEST            POLICY          LOG LEVEL       LIMIT:BURST
> $FW             R2              ACCEPT
> $FW             R1              ACCEPT
> Local           R2              ACCEPT
> Local           R1              ACCEPT
> R2              all             DROP            info
> R1              all             DROP            info
> all             all             REJECT          info
> #############################################################################
>
> /etc/shorewall/rules
> #############################################################################
> SNMP(ACCEPT)    Local           R1:192.168.0.1
>
> Invalid(DROP)   R1              all             tcp
> #############################################################################
>
Does 192.168.0.1 know to route traffic to 10.0.0.0/24 via your
Shorewall box?

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
