Try the command shorewall clear at a root shell to set the firewall temporarily
open, and see if you can then route as you expect. If you still can't, it would
seem to be a routing problem rather than a shorewall problem.

Regards - Philip

> On 6 Jan 2017, at 21:37, Johannes Graumann <[email protected]> wrote:
> 
> Hello,
> 
> I'm running a 4 NIC firewall to route/organize my home network using
> shorewall/dnsmasq and am at a loss why I can't connect (or ping) between
> subnets that hang on different nets. Access to the net (eth0) is working
> beautifully and the subnets are able to ping the IP associated with the NICs
> on the FW, but not into the subnets beyond. I'm running in circles and am
> unclear where the problem is. Any advice is highly appreciated.
> 
> /sbin/shorewall version
> 4.6.4.3
> 
> ip addr show
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
>   link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>   inet 127.0.0.1/8 scope host lo
>      valid_lft forever preferred_lft forever
>   inet6 ::1/128 scope host
>      valid_lft forever preferred_lft forever
> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
>   link/ether 00:00:24:d0:62:dc brd ff:ff:ff:ff:ff:ff
>   inet 192.168.2.100/24 brd 192.168.2.255 scope global eth0
>      valid_lft forever preferred_lft forever
>   inet6 fe80::200:24ff:fed0:62dc/64 scope link
>      valid_lft forever preferred_lft forever
> 3: can0: <NOARP,ECHO> mtu 16 qdisc noop state DOWN group default qlen 10
>   link/can
> 4: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
>   link/ether 00:00:24:d0:62:dd brd ff:ff:ff:ff:ff:ff
>   inet 10.10.1.1/24 brd 10.10.1.255 scope global eth1
>      valid_lft forever preferred_lft forever
>   inet6 fe80::200:24ff:fed0:62dd/64 scope link
>      valid_lft forever preferred_lft forever
> 5: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
>   link/ether 00:00:24:d0:62:de brd ff:ff:ff:ff:ff:ff
>   inet 10.10.4.1/24 brd 10.10.4.255 scope global eth2
>      valid_lft forever preferred_lft forever
>   inet6 fe80::200:24ff:fed0:62de/64 scope link
>      valid_lft forever preferred_lft forever
> 6: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
>   link/ether 00:00:24:d0:62:df brd ff:ff:ff:ff:ff:ff
>   inet 10.10.5.1/24 brd 10.10.5.255 scope global eth3
>      valid_lft forever preferred_lft forever
>   inet6 fe80::200:24ff:fed0:62df/64 scope link
>      valid_lft forever preferred_lft forever
> 
> ip route show
> default via 192.168.2.1 dev eth0
> 10.10.1.0/24 dev eth1  proto kernel  scope link  src 10.10.1.1
> 10.10.4.0/24 dev eth2  proto kernel  scope link  src 10.10.4.1
> 10.10.5.0/24 dev eth3  proto kernel  scope link  src 10.10.5.1
> 192.168.2.0/24 dev eth0  proto kernel  scope link  src 192.168.2.100
> 
> Result of shorewall dump is attached.
> <shorewall_dump.txt.bz2>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most 
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
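
The routing half of the check suggested in the reply can also be worked through offline from the `ip route show` output in the quoted message. The following is an added example, not code from the thread: it does a longest-prefix match over that table and reports which interfaces a packet between two subnets enters and leaves by. The host addresses are constructed.

```python
import ipaddress

# `ip route show` output copied from the quoted message above.
ROUTES = """\
default via 192.168.2.1 dev eth0
10.10.1.0/24 dev eth1  proto kernel  scope link  src 10.10.1.1
10.10.4.0/24 dev eth2  proto kernel  scope link  src 10.10.4.1
10.10.5.0/24 dev eth3  proto kernel  scope link  src 10.10.5.1
192.168.2.0/24 dev eth0  proto kernel  scope link  src 192.168.2.100
"""


def parse_routes(text):
    """Return (network, device, gateway) tuples from `ip route show` output."""
    table = []
    for line in text.splitlines():
        fields = line.split()
        if "dev" not in fields:
            continue  # skip blank lines and routes without a device
        prefix = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        dev = fields[fields.index("dev") + 1]
        gw = fields[fields.index("via") + 1] if "via" in fields else None
        table.append((ipaddress.ip_network(prefix), dev, gw))
    return table


def lookup(table, addr):
    """Longest-prefix match: the most specific route covering addr, or None."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in table if ip in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None


def forward_path(table, src, dst):
    """Interface the source subnet hangs on, and the one the packet leaves by."""
    s, d = lookup(table, src), lookup(table, dst)
    if s is None or d is None:
        return None  # no route for one end: a routing problem
    # Firewall forwarding rules only matter when the packet changes interface.
    return {"in": s[1], "out": d[1], "directly_connected": d[2] is None,
            "crosses_interfaces": s[1] != d[1]}


if __name__ == "__main__":
    table = parse_routes(ROUTES)
    # Constructed host addresses, one per internal subnet.
    for src, dst in [("10.10.1.50", "10.10.4.50"), ("10.10.5.50", "10.10.1.50")]:
        print(src, "->", dst, forward_path(table, src, dst))
```

This only inspects the firewall's own routing table; it says nothing about kernel IP forwarding being enabled or about the gateway configured on the hosts in each subnet.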

