[Shorewall-newbies] eth1 to eth1 cross network problem
teastep at shorewall.net
Tue Jan 20 09:35:54 PST 2004
On Tuesday 20 January 2004 09:20 am, Garrett Johnson wrote:
> Sorry my Linux based web email defaults to html. I believe I understand
> the setting however I don't believe this is accessible in the Webmin
> interface for shorewall.
> Here is the original "post".
> We have a Three Interface firewall/proxy setup with Shorewall.
> eth0-Gigabit/Power Users 10.1.10.0
> eth1-regular users - 100VG anylan 10.1.1.0
> eth2 - Internet Connection 192.168.7.0 -> Internet Router
> The firewall is working to the outside and between the interfaces as
> expected. However we also have a separate internal network 192.168.1.0
> that is routed on eth1 through 10.1.1.145 then to 10.1.5.45 on arcnet then
> back to 192.168.1.201 on an ethernet network (it's 2000 feet of underground
> arcnet cable). From eth0 I can ping and view everything on the 192.168.1.0
> network however shorewall is rejecting the connection in the FORWARD chain
> and the all2all chain.
> Jan 20 10:17:16 FORWARD:REJECT:IN=eth1 OUT=eth1 SRC=10.1.1.128
> DST=10.1.5.145 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=563 PROTO=ICMP TYPE=8
> CODE=0 ID=512 SEQ=1792
> Jan 20 10:17:59 all2all:REJECT:IN= OUT=eth1 SRC=10.1.1.55 DST=10.1.1.128
> LEN=120 TOS=0x00 PREC=0xC0 TTL=64 ID=4392 PROTO=ICMP TYPE=11 CODE=0
> [SRC=10.1.1.128 DST=10.1.5.145 LEN=92 TOS=0x00 PREC=0x00 TTL=1 ID=591
> PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=3840 ]
> I have a rule that says any local(eth0,eth1) to any local ACCEPT.
> I don't know where I tell the local zone that 192.168.1.0 and 10.1.5.0 are
> local networks.
> I am using the webmin interface to configure shorewall.
Then you are going to have to use something other than webmin (e.g., a text
editor) to configure the 'routeback' option on eth1 in
The reference documentation for your situation may be found in one of:
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep at shorewall.net
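
An added example (not part of the original message and not Shorewall code): a Python script that scans log lines in the layout quoted above and reports rejected packets that entered and left on the same interface, which is the traffic pattern the 'routeback' advice addresses. The function names are hypothetical, and the sample log is constructed from the quoted excerpts plus one invented line.

```python
import re
from collections import Counter

# Constructed sample: the first two lines reuse fields of the excerpts quoted
# above (joined onto one line each, the second abridged); the third is invented.
SAMPLE_LOG = (
    "Jan 20 10:17:16 FORWARD:REJECT:IN=eth1 OUT=eth1 SRC=10.1.1.128 "
    "DST=10.1.5.145 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=563 PROTO=ICMP "
    "TYPE=8 CODE=0 ID=512 SEQ=1792\n"
    "Jan 20 10:17:59 all2all:REJECT:IN= OUT=eth1 SRC=10.1.1.55 "
    "DST=10.1.1.128 LEN=120 TOS=0x00 PREC=0xC0 TTL=64 ID=4392 PROTO=ICMP "
    "TYPE=11 CODE=0 [SRC=10.1.1.128 DST=10.1.5.145 LEN=92 TTL=1 ]\n"
    "Jan 20 10:18:02 FORWARD:REJECT:IN=eth0 OUT=eth2 SRC=10.1.10.7 "
    "DST=192.168.7.1 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=77 PROTO=TCP "
    "SPT=1025 DPT=23\n"
)

# chain:action prefix followed by the netfilter IN=/OUT= fields.
# IN= is empty for packets generated by the firewall itself.
PREFIX = re.compile(r"(?P<chain>\w+):(?P<action>REJECT|DROP):"
                    r"IN=(?P<inif>\S*) OUT=(?P<outif>\S*)")
ADDRS = re.compile(r"SRC=(?P<src>\S+) DST=(?P<dst>\S+)")


def same_interface_rejects(log_text):
    """Return rejected/dropped packets that entered and left on one interface."""
    hits = []
    for line in log_text.splitlines():
        m = PREFIX.search(line)
        if not m or not m["inif"] or m["inif"] != m["outif"]:
            continue  # not a filter line, locally generated, or crossed interfaces
        a = ADDRS.search(line, m.end())  # first SRC/DST pair after the prefix
        if a:
            hits.append({"chain": m["chain"], "iface": m["inif"],
                         "src": a["src"], "dst": a["dst"]})
    return hits


def interfaces_needing_review(log_text):
    """Count same-interface rejects per interface."""
    return dict(Counter(h["iface"] for h in same_interface_rejects(log_text)))


if __name__ == "__main__":
    for h in same_interface_rejects(SAMPLE_LOG):
        print(f"{h['iface']}: {h['src']} -> {h['dst']} rejected in {h['chain']}")
```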