On 3/25/20 3:14 PM, Kevin Parent wrote:
> I operate a 5-interface router. One interface is for all radio
> (wireless) traffic. There is only one zone defined for this interface.
> It is called "radio". It has multiple subnets, both private and public.
> Private space is for management -- APs, routers, wireless client
> bridges, point-to-point interconnects (/30 subnets) -- and the public
> space is used for customer routers. Everything works wonderfully except
> for the radio intra-zone traffic. It is blocked by the FORWARD chain.
>
> I've read the documentation. It states that intra-zone traffic is
> enabled by default. Unfortunately, not in my case.
>
> Version 5.0.15
>
> Distro - Debian 9.5 Stretch
>
> If I try to explicitly define a policy for "radio radio ACCEPT", the
> policy fails to be displayed with 'shorewall show'. If I create a rule
> in /etc/shorewall/rules, 'shorewall check' completes successfully, and
> 'shorewall reload' completes successfully, but the rule is nowhere to be
> found.
>
> So customers on one IP segment of the network try to connect to another
> segment on the radio network (VPN to work, another customer) and the
> FORWARD chain blocks it. I can't for the life of me figure it out. I
> have a feeling it has to do with the multiple subnets. I'm stuck at this
> point. All routes for the whole network are on the main shorewall router.
>
> I'll supply any info needed. BTW, I've had this problem with the 4.x.x
> series as well.
First, try specifying 'routeback' on the interface in /etc/shorewall/interfaces.

-Tom

-- 
Tom Eastep            \   Q: What do you get when you cross a mobster
Shoreline,             \     with an international standard?
Washington, USA         \   A: Someone who makes you an offer you
http://shorewall.org     \     can't understand
                          \________________________________________
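What that suggestion looks like in the interfaces file, as an added example (not from the thread or from the Shorewall project's own documentation). The interface name eth1 and the extra options are assumptions; only the zone name "radio" and the 'routeback' option come from the exchange above. The point of 'routeback' is that traffic between two subnets on the same interface enters and leaves the router through that one interface, and Shorewall will not forward such hairpinned traffic unless the option is set, regardless of the radio-to-radio policy.

```text
# /etc/shorewall/interfaces (Shorewall 5.x, two-column format)
?FORMAT 2
#ZONE   INTERFACE   OPTIONS
# eth1 is an assumed name for the radio interface.
# routeback  - allow packets to be forwarded back out the interface they
#              arrived on; required for subnet-to-subnet traffic within
#              the single "radio" zone on this one interface.
# tcpflags,nosmurfs - assumed hardening options, unrelated to the fix.
radio   eth1        routeback,tcpflags,nosmurfs
```

After the change, run 'shorewall check' and then 'shorewall reload' as before. Because the customer subnets are public address space, explicitly listing the management /30s and private ranges in /etc/shorewall/rules (or keeping a tighter radio-to-radio policy) is worth considering once forwarding works, so that enabling hairpin forwarding for customers does not also expose the management plane to them.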
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users