[Shorewall-newbies] eth1 to eth1 cross network problem

Tom Eastep teastep at shorewall.net
Tue Jan 20 09:35:54 PST 2004

On Tuesday 20 January 2004 09:20 am, Garrett Johnson wrote:
> Sorry my Linux based web email defaults to html.   I believe I understand
> the setting however I don't believe this is accessible in the Webmin
> interface for shorewall.
> Here is the original "post".
> Thanks
> Garrett
> We have a Three Interface firewall/proxy setup with Shorewall.
> eth0-Gigabit/Power Users
> eth1-regular users - 100VG anylan
> eth2 - Internet Connection -> Internet Router
> The firewall is working to the outside and between the interfaces as
> expected.  However we also have a seperate internal network
> that is routed on eth1 through then to on arcnet then
> back to on an ethernet network (its 2000 feet of underground
> arcnet cable).  From eth0 I can ping and view everything on the
> network however shorewall is rejecting the connection in the FORWARD chain
> and the all2all chain.
> Jan 20 10:17:16 FORWARD:REJECT:IN=eth1 OUT=eth1 SRC=
> DST= LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=563 PROTO=ICMP TYPE=8
> CODE=0 ID=512 SEQ=1792
> and
> Jan 20 10:17:59 all2all:REJECT:IN= OUT=eth1 SRC= DST=
> LEN=120 TOS=0x00 PREC=0xC0 TTL=64 ID=4392 PROTO=ICMP TYPE=11 CODE=0
> [SRC= DST= LEN=92 TOS=0x00 PREC=0x00 TTL=1 ID=591
> PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=3840 ]
> I have a rule that says any local(eth0,eth1) to any local ACCEPT.
> I don't know where I tell the local zone that and are
> local networks.
> I am using the webmin interface to configure shorewall.

Then you are going to have to use something other than webmin (e.g., a text 
editor) to configure the 'routeback' option on eth1 in 

The reference documentation for your situation may be found in one of:


Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net

More information about the Shorewall-newbies mailing list