Version 4.6.1.2 / CentOS 6.10 I have a rule: DROP isp:+bogons all
I made a minor change to the ip list, then performed: shorewall check This loaded the new ip list into the shorewall configuration. I would not expect a check command to effect the active configuration. Regards - - lee On Sun, Nov 25, 2018 at 10:23 AM Tom Eastep <teas...@shorewall.net> wrote: > On 11/24/18 3:00 PM, Alex wrote: > >>> The problem I'm having is that hosts in the DMZ can't reach hosts on > >>> the private subnet 192.168.1.0/24. Should the local private network be > >>> listed in hosts among the VPN networks? > > > >> I can't begin to help you without knowing what your IPSEC config looks > >> like. The output of 'shorewall dump' would be very helpful. > > > > Thanks so much. I didn't want to ask you to go through all the other > > stuff as well, so I really appreciate it. > > > > I've pasted it here: > > https://pastebin.com/1WV223TN > > > > You'll also notice there's a bit more of the network that I didn't > > previously explain. Here's a list of all networks involved: > > > > 65.45.72.6 & 64.1.15.1: external and internal interface on cyclops > > (remote firewall) > > 68.194.193.42 & 192.168.1.1: external and internal interfaces on orion > > (local firewall) > > 107.155.66.2: remote Linux system > > 66.103.218.96/28: DMZ connected to cyclops > > 64.1.15.0/27: DMZ connected to cyclops > > > > 192.168.6.0/24: road warrior network connected to 68.195.193.42 > > 192.168.1.0/24: internal LAN > > > > > > Alex, > > I don't see anything wrong with either the IPSEC or Shorewall > configurations on Orion. > > -Tom > -- > Tom Eastep \ Q: What do you get when you cross a mobster with > Shoreline, \ an international standard? > Washington, USA \ A: Someone who makes you an offer you can't > http://shorewall.org \ understand > \_______________________________________________ > > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users >
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users