[Shorewall-users] static route

David Fair, Jr. dfair at circuitryman.com
Fri Apr 2 01:40:46 PST 2004


I have a client that is using shorewall version 1.4.8 with two interfaces
and standard policy.  They asked me to help them troubleshoot a problem with
an internal static route.  The customer wants all internal requests for the
network 192.168.128.0/24 to be forwarded to 10.0.0.228/192.168.128.1 a
machine on their internal network.  The problem is that when I try and
traceroute to 192.168.128.1 from inside the network or from the firewall I
get the following message "traceroute to 192.168.128.1 (192.168.128.1), 30
hops max, 38 byte packets," then it times out.  I can both traceroute and
ping 10.0.0.228 from the network and the firewall.  After doing some
research and trying various many configurations, I am at a loss.  Any help
would be greatly appreciated.  All other features of the firewall are
working perfectly.

Any help would be greatly appreciated.

Thanks.

David Fair
dfair at circuitryman.com

Shorewall version 1.4.8

1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:0c:f1:a4:e3:5b brd ff:ff:ff:ff:ff:ff
    inet 64.30.209.239/24 brd 64.30.209.255 scope global eth0
    inet 64.30.209.241/24 brd 64.30.209.255 scope global secondary eth0
    inet 64.30.209.240/24 brd 64.30.209.255 scope global secondary eth0
    inet 64.30.209.243/24 brd 64.30.209.255 scope global secondary eth0
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:04:75:a0:6b:98 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.1/24 brd 10.0.0.255 scope global eth1

192.168.128.0/24 via 10.0.0.228 dev eth1
10.0.0.0/24 dev eth1  scope link
64.30.209.0/24 dev eth0  scope link
169.254.0.0/16 dev eth1  scope link
127.0.0.0/8 dev lo  scope link
default via 64.30.209.254 dev eth0


More information about the Shorewall-users mailing list