Hi Tom,

I have removed the zone nesting and the compile fails when gone and my
problems with the internet access are now solved.
In the interfaces file I have also removed the routeback as suggested
except the tun+ interface for my vpn.

Thank you for your time and for the solution.

Kind regards,
Roel de Wildt

2017-08-06 22:23 GMT+02:00 Tom Eastep <teas...@shorewall.net>:

> On 08/06/2017 09:43 AM, Roel de Wildt wrote:
> > Hi Tom,
> >
> > I have installed the ipset utility and the compile errors are gone. But
> > I can not access the internet from the 10.4.x.x subnet.
> >
>
> Shorewall zones are defined by both interface and ip addresses. Since
> gast, net, vpn and lan have distinct interfaces, there is no zone
> nesting in your configuration. Yet, you have defined zone nesting in the
> zones file.
>
> Please change your zones file to
>
> fw              firewall
> net             ipv4
> lan             ipv4
> gast            ipv4
> vpn             ipv4
>
> And with the exception of tun+, I don't believe that you want
> 'routeback' on your interfaces.
>
> -Tom
> --
> Tom Eastep        \   Q: What do you get when you cross a mobster with
> Shoreline,         \     an international standard?
> Washington, USA     \ A: Someone who makes you an offer you can't
> http://shorewall.org \   understand
>                       \_______________________________________________
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to