[Shorewall-newbies] eth1 to eth1 cross network problem

Garrett Johnson garrettj at annalee.com
Tue Jan 20 12:20:16 PST 2004


Sorry my Linux based web email defaults to html. I believe I understand the
setting however I don't believe this is accessible in the Webmin interface
for shorewall.

Here is the original "post".

Thanks
Garrett

We have a Three Interface firewall/proxy setup with Shorewall.

eth0-Gigabit/Power Users  10.1.10.0
eth1-regular users - 100VG anylan 10.1.1.0
eth2 - Internet Connection 192.168.7.0 -> Internet Router

The firewall is working to the outside and between the interfaces as expected.
However we also have a separate internal network 192.168.1.0 that is routed on
eth1 through 10.1.1.145 then to 10.1.5.45 on arcnet then back to 192.168.1.201
on an ethernet network (it's 2000 feet of underground arcnet cable). From eth0
I can ping and view everything on the 192.168.1.0 network however shorewall is
rejecting the connection in the FORWARD chain and the all2all chain.

Jan 20 10:17:16 FORWARD:REJECT:IN=eth1 OUT=eth1 SRC=10.1.1.128 DST=10.1.5.145 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=563 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=1792

and

Jan 20 10:17:59 all2all:REJECT:IN= OUT=eth1 SRC=10.1.1.55 DST=10.1.1.128 LEN=120 TOS=0x00 PREC=0xC0 TTL=64 ID=4392 PROTO=ICMP TYPE=11 CODE=0 [SRC=10.1.1.128 DST=10.1.5.145 LEN=92 TOS=0x00 PREC=0x00 TTL=1 ID=591 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=3840 ]

I have a rule that says any local(eth0,eth1) to any local ACCEPT.

I don't know where I tell the local zone that 192.168.1.0 and 10.1.5.0 are
local networks.

I am using the webmin interface to configure shorewall.



Garrett Johnson
MIS Manager
Annalee Mobilitee Dolls, Inc.




---- Msg sent via Annalee Mobilitee Dolls - http://www.annalee.com/
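
Added example, not part of the original post: a small Python triage script for the two reject entries quoted above. It splits each line into its chain, disposition and netfilter fields, and labels packets that entered and would leave on the same interface versus packets generated by the firewall itself. The names parse_line and classify are hypothetical, and the sample input is the post's two log lines with the mail encoding removed.

```python
import re

# The two log lines from the post, quoted-printable decoded and rejoined.
SAMPLE_LOG = [
    "Jan 20 10:17:16 FORWARD:REJECT:IN=eth1 OUT=eth1 SRC=10.1.1.128 "
    "DST=10.1.5.145 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=563 PROTO=ICMP "
    "TYPE=8 CODE=0 ID=512 SEQ=1792",
    "Jan 20 10:17:59 all2all:REJECT:IN= OUT=eth1 SRC=10.1.1.55 "
    "DST=10.1.1.128 LEN=120 TOS=0x00 PREC=0xC0 TTL=64 ID=4392 PROTO=ICMP "
    "TYPE=11 CODE=0 [SRC=10.1.1.128 DST=10.1.5.145 LEN=92 TOS=0x00 "
    "PREC=0x00 TTL=1 ID=591 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=3840 ]",
]

# "<chain>:<disposition>:" prefix followed by the netfilter key=value fields.
PREFIX = re.compile(r"(?P<chain>[\w-]+):(?P<verdict>[A-Z]+):(?P<fields>IN=.*)$")
FIELD = re.compile(r"(\w+)=(\S*)")


def _fields(text):
    """Collect KEY=value pairs; the first occurrence wins (ID appears twice)."""
    out = {}
    for key, value in FIELD.findall(text.replace("]", " ")):
        out.setdefault(key, value)
    return out


def parse_line(line):
    """Return a dict for one log line, or None if the prefix is not present."""
    m = PREFIX.search(line)
    if m is None:
        return None
    outer, _, quoted = m.group("fields").partition("[")
    rec = {"chain": m.group("chain"), "verdict": m.group("verdict")}
    rec.update(_fields(outer))
    # An ICMP error carries the header of the packet that triggered it in [...].
    rec["quoted"] = _fields(quoted) if quoted else None
    return rec


def classify(rec):
    if rec.get("IN") and rec["IN"] == rec.get("OUT"):
        return "same-interface-forward"   # entered and would leave on one NIC
    if rec.get("IN") == "" and rec.get("OUT"):
        return "firewall-originated"      # empty IN=: generated on the firewall
    return "other"


if __name__ == "__main__":
    for entry in map(parse_line, SAMPLE_LOG):
        print(entry["chain"], entry["verdict"], classify(entry), entry["quoted"])
```

On the sample, the first entry is an echo request forwarded from eth1 back out eth1, and the second is the firewall's own ICMP type 11 (time exceeded) reply, whose bracketed section quotes the echo request that triggered it.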

