[Shorewall-newbies] Subnetting

Garrett Johnson garrettj at annalee.com
Thu Feb 19 13:27:18 PST 2004

We've got our proxy/gateway/shorewall server up and running.  However, our
loc zone on interface eth1 has several subnets that it routes for.  One of
the subnets can't connect to several services (email, ping, etc.), whereas
other subnets set up like the one that doesn't work can do everything.
The subnet that doesn't work can ping eth1's local IP address but can't ping
anything at the outside world but can get to the proxy server.  Also, other
subnets can ping the one that doesn't work just fine.

Our setup is like the Triple-Interface setup, but instead of going to a DMZ
we have one local zone with two interface cards set to it.  Only one card,
eth1, has other subnets attached.  The other card, eth0, is attached to a
small gigabit network.  I can't tell if the problem is with the firewall,
although we didn't have problems with this until the firewall was installed.

The only log entry I've seen that gives any message is one with a packet
from the subnet that doesn't work that says it was UNREPLIED.  We have
several (2-3) subnets due to distance limitations of Ethernet.  One of
these uses ARCNET and routes packets through two WINNT SP3 machines acting
as routers; they run TCP/IP.  All is going well except for this one subnet.

I'm just looking for a place to start looking into what is wrong.  This is
very similar to the problem we had with the server the first time we tried
running it and were unable to get out at all.  Now everyone except this
subnet is good.

Thanks Garrett
