[Shorewall-users] Policy Rules not working as expected

Patrick Benson benson@chello.se
Thu, 25 Apr 2002 12:48:45 +0200


nowak@ebi-service.de wrote:
> 
> Hi, I have a Linux router with 2 NICs, eth0 and eth1. eth0 is connected to the
> internet and behind eth1 are several subnets.

Hello,

I'm just a little curious. You have defined that eth0 is connected to
the internet yet you bind your local subnets with eth0 instead of eth1
below:
 
> My hosts file looks like this:
> 
> #ZONE           HOST(S)         OPTIONS
> dinslaken       eth0:10.95.0.0/16       routestopped
> moers           eth0:10.96.0.0/16       routestopped
> dortmund        eth0:10.97.0.0/16       routestopped
> pdv             eth0:192.168.100.0/24   routestopped
> token           eth0:149.202.30.0/16    routestopped
> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS LINE -- DO NOT REMOVE

Tom's documentation usually looks like this, copied from his site:

ZONE  INTERFACE  BROADCAST  OPTIONS
net    eth0      detect     dhcp,noping,norfc1918,blacklist
loc    eth1      detect     routestopped
 
> My interface file:
> 
> #ZONE    INTERFACE      BROADCAST       OPTIONS
> net             eth1    detect          routestopped,noping
> -       eth0    detect          multi

..yet you have it switched the other way around. Shouldn't your net
interface be eth0? I just mention this because you may get more problems
later on without realizing what may be causing the errors...


Regards,
-- 
Patrick Benson
Stockholm, Sweden
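
The mismatch discussed in this message can be checked mechanically. The following is an added example, not part of the original message or of Shorewall itself: it parses the interfaces and hosts files quoted above and reports every zone binding that conflicts with the interface stated to face the internet. It assumes the internet zone is named `net` (as in the documentation excerpt) and that eth0 is the internet interface as described; `rows` and `cross_check` are hypothetical helper names.

```python
# Added example: cross-check Shorewall zone bindings against the interface
# the administrator says faces the internet. Sample data is the config quoted
# in the message above.

INTERFACES = """\
#ZONE    INTERFACE      BROADCAST       OPTIONS
net             eth1    detect          routestopped,noping
-       eth0    detect          multi
"""

HOSTS = """\
#ZONE           HOST(S)         OPTIONS
dinslaken       eth0:10.95.0.0/16       routestopped
moers           eth0:10.96.0.0/16       routestopped
dortmund        eth0:10.97.0.0/16       routestopped
pdv             eth0:192.168.100.0/24   routestopped
token           eth0:149.202.30.0/16    routestopped
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS LINE -- DO NOT REMOVE
"""

def rows(text):
    """Yield whitespace-split columns, skipping blank lines and # comments."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line.split()

def cross_check(interfaces, hosts, internet_if, internet_zone="net"):
    """Return a list of findings where zone bindings contradict internet_if."""
    findings = []
    # interfaces file: ZONE INTERFACE BROADCAST OPTIONS ("-" means no zone)
    for zone, iface, *_ in rows(interfaces):
        if zone == internet_zone and iface != internet_if:
            findings.append(f"zone {zone} is on {iface}, "
                            f"but {internet_if} is the stated internet interface")
    # hosts file: ZONE INTERFACE:SUBNET OPTIONS
    for zone, host, *_ in rows(hosts):
        iface, _, subnet = host.partition(":")
        if iface == internet_if and zone != internet_zone:
            findings.append(f"zone {zone} ({subnet}) is bound to "
                            f"internet interface {iface}")
    return findings

if __name__ == "__main__":
    for finding in cross_check(INTERFACES, HOSTS, internet_if="eth0"):
        print("WARN:", finding)
```
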