[Shorewall-users] multiple subnets

Nerijus Baliunas nerijus at users.sourceforge.net
Tue May 6 20:00:48 PDT 2003


Hello,

I have the following working situation (shorewall 1.4.2).

ifconfig:
eth0	inet addr:192.168.56.1  Bcast:192.168.56.255
eth1	inet addr:213.197.143.57  Bcast:213.197.143.59
eth2	inet addr:213.197.143.54  Bcast:213.197.143.55
ppp0	...

interfaces:
mail    eth2    213.197.143.55
dsl     ppp0    detect
loc     eth0    192.168.56.255
dmz     eth1    213.197.143.59

policy:
loc             dmz             ACCEPT

PCs in the loc zone can access services in the dmz.

Now 3 new subnets 192.168.57.0/24 - 59.0/24 (radio lan) were connected
to the loc lan through 192.168.56.22, which is configured to route to
192.168.56.1.

According to
http://www.shorewall.net/Shorewall_and_Aliased_Interfaces.html I changed
interfaces to:
...
-   eth0  192.168.56.255,192.168.57.255,192.168.58.255,192.168.59.255
...

and hosts to:
loc     eth0:192.168.56.0/24
loc     eth0:192.168.57.0/24
loc     eth0:192.168.58.0/24
loc     eth0:192.168.59.0/24

I also entered these commands at the firewall console:
route add -net 192.168.57.0/24 dev eth0 gateway 192.168.56.22
route add -net 192.168.58.0/24 dev eth0 gateway 192.168.56.22
route add -net 192.168.59.0/24 dev eth0 gateway 192.168.56.22

The problem is that PCs on the radio link (192.168.58.2 for example) can
ping the firewall, but cannot access the dmz. What could be the problem?
I can provide radio lan connection details.

Thanks,
Nerijus



