hans lux wrote: > Brian J. Murrell wrote: >> On Tue, 2007-03-04 at 17:34 +0200, hans lux wrote: >>> i've read that article but can't find the problem i have in there. >> That's probably because this is not a shorewall problem. >> >>> at the moment i have the following situation >>> >>> eth0 = inet >>> eth2 = local (192.168.0.0/24)------ tunnel ----- 192.168.33.0/24 >>> eth2:0 = local (10.106.121.0)----- tunnel ------ 10.106.99.0/24 >>> >>> now i need to access the 10.106.99.0/24 from the 192.168.0.0/24. >> This is a routing problem and nothing to do with shorewall I think. >> >> Have you tried this configuration without activating your shorewall >> rules first to prove that it's a shorewall problem? There is nothing >> about filtering or natting that should be needed to make this work. >> It's all in the routing. >> >> b. > > thanks for you response. > > I tried that, but without success. > > With firewalling turned off > The router/firewall is connected to the local network 192.168.0.0/24 and > can send/receive icmp packages to network 192.168.0.0/24 over eth2 > can send/receive icmp packages to network 10.106.121.0/24 over eth2:0 > can send/receive icmp packages to network 10.106.99.0/24 over 10.106.121.1 > > the network 10.106.99.0/24 is established over a vpn tunnel > > now I'd like to send/receive packages from any host in 192.168.0.0/24 > to the network 10.106.99.0/24 > > I don't know how to do the routing. I thought I had to masq the > 192.168.0.0/24 network to 10.106.121.0/24 because otherwise > the remote network 10.106.99.0/24 can't send back packages. > the remote side only has a route to 10.106.121.0/24 but not to my > 192.168.0.0/24 network. > > or am I totally wrong ? > > some help would be great. > > thanks > hlux
the current routing table Kernel IP routing table Destination Gateway Genmask Flags Use Iface in.et.ad.64 * 255.255.255.248 U 0 eth0 10.106.121.0 * 255.255.255.0 U 0 eth2 192.168.0.0 * 255.255.255.0 U 0 eth2 10.106.99.0 10.106.121.1 255.255.255.0 UG 0 eth2 10.106.99.0 in.et.ad.65 255.255.255.0 UG 0 eth0 169.254.0.0 * 255.255.0.0 U 0 eth2 172.16.0.0 * 255.255.0.0 U 0 eth1 default in.et.ad.65 0.0.0.0 UG 0 eth0 ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
