Typical setup. All systems running CentOS 7.4 on KVM. Shorewall 5.0.14.1.
Communication with the DMZ is by a virtual private bridge built in virt-manager,
and communication between LAN machines is by SR-IOV ethernet hardware.
The router is a VM with 3 interfaces -- fiberoptic, LAN, DMZ -- and I followed
the doc for 3 interfaces, setting the SNAT file:
.MASQUERADE 10.1.111.30/32,192.168.1.0/24 eth1
(DMZ: 10. LAN: 192.)
LAN masquerades through the router fine. From the router I can ping the DMZ
and ssh to it just fine.
Problem is the DMZ machine can't ping out; can't even get nameservice. And
dmesg in both the DMZ and router shows -nothing-.
Also I can't ssh from the LAN to the DMZ machine. I can ping it from the
router, and ssh in, but not from the LAN.