On 2023-01-19 11:31, Justin Pryzby wrote:
On Thu, Jan 19, 2023 at 08:28:00AM -0700, Shorewall via Shorewall-users wrote:
On 2023-01-18 23:52, Simon Matter wrote:
> Hi,
>
> > I am trying to route traffic from LOC to a network I have configured in
> > the routes file.
>
Everything in LOC has the firewall running shorewall configured as the Default Gateway. Also, as mentioned in the original post, with the entry in the routes file routing works as expected from the firewall. Also mentioned in the original post is that when everything is allowed in shorewall via the entry in the policy file, everything routes as expected from the LOC network. To me this says that "routing" works but the firewall is blocking. I may be wrong, but that is the assumption I am making since I have actually made a connection from LOC to the network exposed in kubernetes network. I am assuming I need a RULE to allow the traffic to pass, but since the kubernetes network is not a ZONE, I am not really sure how that would look.

Find where your kernel logfile is (/v/l/messages?) and see what it says when the packets are being rejected. It ought to indicate the source and dest zones. Add the necessary things to ./rules.

If you're trying to connect loc=>loc, then you need "routeback"

Shorewall:FORWARD:REJECT: IN=enp1s5 OUT=enp1s5
Above is the shorewall log for blocking the connection. Of course I
have truncated the actual MAC/IP/PORTS etc...
Do I need some type of forwarding rule?
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
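
As an added example (not part of the thread and not Shorewall's own code), a small Python parser for log lines with the `Shorewall:<chain>:<disposition>:` prefix quoted above; it flags packets that would be forwarded out the interface they arrived on, the loc=>loc case for which "routeback" was suggested. The sample lines, the hostname `fw`, the chain name `loc-net`, the second interface `enp1s6` and all addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample kernel log lines (documentation address ranges; not from the thread).
SAMPLE_LOG = """\
Jan 19 11:40:01 fw kernel: Shorewall:FORWARD:REJECT: IN=enp1s5 OUT=enp1s5 SRC=192.0.2.10 DST=198.51.100.7 PROTO=TCP SPT=51514 DPT=443
Jan 19 11:40:05 fw kernel: Shorewall:loc-net:DROP: IN=enp1s5 OUT=enp1s6 SRC=192.0.2.11 DST=203.0.113.9 PROTO=UDP SPT=40000 DPT=53
Jan 19 11:40:09 fw kernel: Shorewall:INPUT:REJECT: IN=enp1s6 OUT= SRC=203.0.113.50 DST=192.0.2.1 PROTO=TCP SPT=33000 DPT=22
"""

# Prefix in the form shown in the thread: Shorewall:<chain>:<disposition>:
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<disposition>[^:\s]+):")
# Packet fields are KEY=value pairs; the value may be empty (e.g. "OUT=").
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_line(line):
    """Return chain, disposition and packet fields, or None for non-Shorewall lines."""
    m = PREFIX.search(line)
    if m is None:
        return None
    record = dict(FIELD.findall(line[m.end():]))
    record["chain"] = m.group("chain")
    record["disposition"] = m.group("disposition")
    return record


def parse_log(text):
    return [r for r in map(parse_line, text.splitlines()) if r is not None]


def same_interface_forwards(records):
    """Packets that would leave by the interface they arrived on."""
    return [r for r in records if r.get("IN") and r.get("IN") == r.get("OUT")]


def summarize(records):
    """Count logged packets per (chain, disposition, IN, OUT)."""
    return Counter((r["chain"], r["disposition"], r.get("IN", ""), r.get("OUT", ""))
                   for r in records)


if __name__ == "__main__":
    records = parse_log(SAMPLE_LOG)
    for key, count in summarize(records).items():
        print(count, *key)
    for r in same_interface_forwards(records):
        print("same interface in and out:", r["IN"], r["SRC"], "->", r["DST"])
```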