I have 2 DNS boxes sharing a DMZ subnet. I believe they are accessible from the outside, and they seem to be working from the loc zone, but they don't seem to be able to access each other. I get the following entries in /var/messages:
Aug 16 19:02:09 firewall kernel: Shorewall:FORWARD:REJECT:IN=eth2 OUT=eth2 SRC=192.168.10.2 DST=192.168.10.2 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=19401 PROTO=UDP SPT=1337 DPT=53 LEN=32
Aug 16 19:02:14 firewall kernel: Shorewall:FORWARD:REJECT:IN=eth2 OUT=eth2 SRC=192.168.10.2 DST=192.168.10.2 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=19402 PROTO=UDP SPT=1337 DPT=53 LEN=32
Aug 16 19:02:48 firewall kernel: Shorewall:FORWARD:REJECT:IN=eth2 OUT=eth2 SRC=192.168.10.2 DST=192.168.10.3 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=19406 PROTO=UDP SPT=1337 DPT=53 LEN=32

Both are masqueraded and DNATed (192.168.10.2 is 68.116.40.2 in real life, and .3 is .3). 192.168.10.0/24 is the DMZ.

masq contains:

eth4 192.168.10.2 68.116.40.2
eth4 192.168.10.3 68.116.40.3
eth4 192.168.2.0/24

nat contains:

68.116.40.2 eth4 192.168.10.2
68.116.40.3 eth4 192.168.10.3

What kind of a rule do I add? I have a policy of dmz dmz ACCEPT, but that doesn't seem to help.

Thanks in advance, it's been a very educational week...

harold miller

------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
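One way to triage entries like the ones in the post, as an added example that is not part of the original message and not code from Shorewall or LEAF: parse the netfilter kernel log lines and flag FORWARD rejects whose IN and OUT interface are the same, which is the hairpin pattern visible in all three lines above (traffic between two DMZ hosts entering and leaving on eth2). The sample log below is constructed: it contains the three lines from the post plus one assumed loc-to-dmz ACCEPT line so the filter has something to ignore; the chain name loc2dmz and the host 192.168.2.10 are assumptions.

```python
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample input: the three REJECT lines from the post, plus one
# assumed (not from the post) loc->dmz ACCEPT line. The chain name "loc2dmz"
# and the source host 192.168.2.10 are assumptions.
SAMPLE_LOG = """\
Aug 16 19:02:09 firewall kernel: Shorewall:FORWARD:REJECT:IN=eth2 OUT=eth2 SRC=192.168.10.2 DST=192.168.10.2 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=19401 PROTO=UDP SPT=1337 DPT=53 LEN=32
Aug 16 19:02:14 firewall kernel: Shorewall:FORWARD:REJECT:IN=eth2 OUT=eth2 SRC=192.168.10.2 DST=192.168.10.2 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=19402 PROTO=UDP SPT=1337 DPT=53 LEN=32
Aug 16 19:02:48 firewall kernel: Shorewall:FORWARD:REJECT:IN=eth2 OUT=eth2 SRC=192.168.10.2 DST=192.168.10.3 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=19406 PROTO=UDP SPT=1337 DPT=53 LEN=32
Aug 16 19:03:01 firewall kernel: Shorewall:loc2dmz:ACCEPT:IN=eth1 OUT=eth2 SRC=192.168.2.10 DST=192.168.10.2 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=19500 PROTO=UDP SPT=40001 DPT=53 LEN=40
"""

# syslog timestamp, host, then the Shorewall prefix "Shorewall:<chain>:<target>:"
HEADER_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) kernel: "
    r"Shorewall:(?P<chain>[^:]+):(?P<target>[^:]+):(?P<rest>.*)$"
)
KV_RE = re.compile(r"(\w+)=(\S*)")


@dataclass
class LogEntry:
    ts: str
    host: str
    chain: str
    target: str
    fields: Dict[str, str] = field(default_factory=dict)
    ip_len: Optional[int] = None   # first LEN= (IP total length)
    l4_len: Optional[int] = None   # second LEN= (UDP/ICMP header+payload length)


def parse_line(line: str) -> Optional[LogEntry]:
    """Parse one Shorewall/netfilter kernel log line; None if it is not one."""
    m = HEADER_RE.match(line.strip())
    if not m:
        return None
    entry = LogEntry(m["ts"], m["host"], m["chain"], m["target"])
    lens: List[int] = []
    for key, val in KV_RE.findall(m["rest"]):
        if key == "LEN":
            # netfilter logs LEN twice (IP, then transport); a plain dict
            # would silently keep only the last one, so collect both
            lens.append(int(val))
            continue
        entry.fields[key] = val
    if lens:
        entry.ip_len = lens[0]
    if len(lens) > 1:
        entry.l4_len = lens[1]
    return entry


def parse_log(text: str) -> List[LogEntry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def is_hairpin(entry: LogEntry) -> bool:
    """True when the packet would leave on the interface it arrived on."""
    inbound = entry.fields.get("IN")
    return bool(inbound) and inbound == entry.fields.get("OUT")


def hairpin_rejects(entries: List[LogEntry]) -> List[LogEntry]:
    """Blocked packets that the firewall was asked to route back out the same NIC."""
    return [e for e in entries if e.target in ("REJECT", "DROP") and is_hairpin(e)]


def summarize(entries: List[LogEntry]) -> Counter:
    """Count flows keyed by (IN, SRC, DST, PROTO, DPT)."""
    return Counter(
        (e.fields.get("IN"), e.fields.get("SRC"), e.fields.get("DST"),
         e.fields.get("PROTO"), e.fields.get("DPT"))
        for e in entries
    )


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for flow, n in summarize(hairpin_rejects(entries)).most_common():
        print(f"{n:3d}x same-interface reject on {flow[0]}: "
              f"{flow[1]} -> {flow[2]} {flow[3]}/{flow[4]}")
```

Run against the real /var/log/messages instead of SAMPLE_LOG, the summary separates the same-interface rejects (IN=eth2 OUT=eth2 here) from ordinary zone-to-zone traffic, which is the distinction to make before deciding which rule or interface option is missing; note that DST already shows the private 192.168.10.x address, so DNAT has been applied before the FORWARD chain rejected the packet.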
