[Shorewall-newbies] Subnetting

Tom Eastep teastep at shorewall.net
Thu Feb 19 13:31:17 PST 2004

On Thursday 19 February 2004 01:27 pm, Garrett Johnson wrote:
> We've got our proxy/gateway/shorewall server up and running.  However our
> loc zone on Interface eth1 has several subnet's that it routes for.  One of
> the subnet's can't connect to several services email, ping, etc. whereas
> other subnet's set up like the one that doesn't work can do everything.
> The subnet that doesn't work can ping eth1's local ip address but can't
> ping anything at the outside world but can get to the proxy server.
> other subnet's can ping the one that doesn't work just fine.
> Our setup is like the Triple-Interface setup but instead of going to a DMZ
> we have one local zone with two interface cards set to it.  Only one card
> eth1 has other subnet's attached.   The other card eth0 is attached to a
> small gigabit network.   I can't tell if the problem is with the firewall
> although we didn't have problems with this until the firewall was
> installed.
> The only log entry I've seen that gives any message is one with a packet
> from the subnet that doesn't work that says it was UNREPLIED.  We have
> several (2-3) subnet's due to distance limitations of Ethernet.  One of
> these uses ARCNET and routes packets through two WINNT SP3 machines acting
> as routers they run TCPIP.  All is going well except for this one subnet.
> I'm just looking for a place to start looking into what is wrong.  This is
> very similar to the problem we had with the server the first time we tried
> running it and were unable to get out at all.  Now everyone except this
> subnet is good.

A little detailed information is better than a lot of prose in cases like 
yours. Please forward the information requested in the Shorewall Support 
Guide (http://www.shorewall.net/support.htm).

Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net

More information about the Shorewall-newbies mailing list