On 3/26/20 1:30 PM, Tom Eastep wrote:
On 3/25/20 3:14 PM, Kevin Parent wrote:
I operate a 5 interface router.  One interface is for all radio
(wireless) traffic.  There is only one zone defined for this interface.
It is called "radio".  It has multiple subnets, both private and public.
Private space is for management -- AP's, routers, wireless client
bridges, point to point interconnects (/30 subnets) -- and the public
space is used for customer routers.  Everything works wonderfully except
for the radio intra zone traffic.  It is blocked by the FORWARD chain.

I've read the documentation.  It states that intra zone traffic is
enabled by default.  Unfortunately, not in my case.

Version 5.0.15

Distro - Debian 9.5 Stretch

If I try to explicitly define a policy for "radio radio ACCEPT", the
policy fails to be displayed with 'shorewall show'.  If I create a rule
in /etc/shorewall/rules, shorewall check completes successfully, and
'shorewall reload' completes successfully, but the rule is nowhere to be
found.

So customers on one IP segment of the network try to connect to another
segment on the radio network (VPN to work, another customer) and the
FORWARD chain blocks it.  I can't for the life of me figure it out.  I
have a feeling it has to do with the multiple subnets.  I'm stuck at this
point.  All routes for the whole network are on the main shorewall router.

I'll supply any info needed.  BTW, I've had this problem with 4.x.x
series as well.
First, try specifying 'routeback' on the interface in
/etc/shorewall/interfaces.

-Tom

Thanks.  That's the solution.



_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
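For reference, the change Tom suggests looks like the following in /etc/shorewall/interfaces. This is an added illustration, not configuration posted in the thread; the interface name (eth1) and the extra options are assumptions, and the original poster's real interface name and option set are not shown on the page.

```text
# /etc/shorewall/interfaces  (Shorewall 5.x format, see shorewall-interfaces(5))
#
# Before: one zone, one interface, several subnets on it.  Traffic between
# different interfaces of the same zone is accepted by default, but traffic
# that enters the radio interface and must leave through the SAME interface
# (subnet A -> router -> subnet B, both on eth1) is not, so it hits the
# FORWARD chain with no matching rule.
#
#ZONE   INTERFACE   OPTIONS
radio   eth1        tcpflags,nosmurfs

# After: 'routeback' tells Shorewall to generate the rules that allow packets
# arriving on eth1 to be forwarded back out eth1.  Nothing else has to change;
# a "radio radio ACCEPT" policy or rule is not needed for this.
#
#ZONE   INTERFACE   OPTIONS
radio   eth1        routeback,tcpflags,nosmurfs
```

Apply it with `shorewall check` followed by `shorewall reload`; afterwards `shorewall show` (the filter table) should contain an ACCEPT rule whose in- and out-interface are both the radio interface, and a host on one radio subnet should reach a host on another. One caveat worth noting for this layout: with everything in a single zone and routeback enabled, the private management subnets (APs, point-to-point links) and the public customer subnets on that interface can now reach each other without restriction, because intra-zone traffic is accepted by default. If management should not be reachable from customer address space, either restrict it with entries in /etc/shorewall/rules or split the subnets into separate zones via /etc/shorewall/hosts.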