On Wed, 2007-04-04 at 11:52 +0200, hans lux wrote:
> 
> With firewalling turned off
> The router/firewall is connected to the local network 192.168.0.0/24 and
> can send/receive icmp packages to network 192.168.0.0/24 over eth2
> can send/receive icmp packages to network 10.106.121.0/24 over eth2:0
> can send/receive icmp packages to network 10.106.99.0/24 over 10.106.121.1

Good.

> now I'd like to send/receive packages from any host in 192.168.0.0/24
> to the network 10.106.99.0/24

OK.  Do they know that to reach 10.106.99.0/24 they need to route via
the router/firewall (i.e. routing table on hosts in 192.168.0.0/24)?
Does the router know it's supposed to be forwarding packets
(/proc/sys/net/ipv4/conf/*/forwarding)?

> I don't know how to do the routing. I thought I had to masq the 
> 192.168.0.0/24 network to 10.106.121.0/24 because otherwise
> the remote network 10.106.99.0/24 can't send back packages.

Ahhh.  Yes, that too. The hosts in both networks need to have routes
back to the network where packets could be coming from.

> the remote side only has a route to 10.106.121.0/24 but not to my
> 192.168.0.0/24 network.

You need to add routes to hosts on both networks telling them how to get
to the other network.

Some people do this with dynamic routing protocols, some people do it
with static routing.

Routing is inherently site-specific and O/S specific.  You will have to
investigate your options given your policies and operating systems
involved.

So far, this still doesn't sound like a Shorewall problem (yet).

b.

-- 
My other computer is your Microsoft Windows server.

Brian J. Murrell
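The two checks raised in this reply (is forwarding enabled on the router, and does each side hold a route back to the other) can be worked through on a small model. This is an added example, not part of the original message: the prefixes and 10.106.121.1 come from the thread, while the node names and the addresses 192.168.0.10, 192.168.0.1, 10.106.121.2, 10.106.99.1 and 10.106.99.5 are constructed assumptions.

```python
import ipaddress

def lookup(routes, dst):
    """Longest-prefix match: returns a gateway IP, "direct", or None."""
    hits = [(ipaddress.ip_network(p), via) for p, via in routes
            if ipaddress.ip_address(dst) in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace(nodes, src, dst, max_hops=8):
    """Walk one packet hop by hop; returns (delivered, path, reason)."""
    owner = {ip: name for name, n in nodes.items() for ip in n["addrs"]}
    here, path = owner[src], []
    for _ in range(max_hops):
        path.append(here)
        node = nodes[here]
        if dst in node["addrs"]:
            return True, path, "delivered"
        # Any node after the first is a transit hop and must forward.
        if len(path) > 1 and not node["forward"]:
            return False, path, f"{here} does not forward"
        via = lookup(node["routes"], dst)
        if via is None:
            return False, path, f"no route to {dst} on {here}"
        here = owner.get(dst if via == "direct" else via)
        if here is None:
            return False, path, "next hop not on the link"
    return False, path, "hop limit reached"

def topology(return_routes):
    """Constructed model: prefixes and 10.106.121.1 are from the thread,
    every other address and all node names are assumptions."""
    back_gw = [("192.168.0.0/24", "10.106.121.2")] if return_routes else []
    back_host = [("192.168.0.0/24", "10.106.99.1")] if return_routes else []
    return {
        "lan-host": {"addrs": ["192.168.0.10"], "forward": False, "routes": [
            ("192.168.0.0/24", "direct"), ("10.106.99.0/24", "192.168.0.1")]},
        "firewall": {"addrs": ["192.168.0.1", "10.106.121.2"], "forward": True,
                     "routes": [("192.168.0.0/24", "direct"),
                                ("10.106.121.0/24", "direct"),
                                ("10.106.99.0/24", "10.106.121.1")]},
        "remote-gw": {"addrs": ["10.106.121.1", "10.106.99.1"], "forward": True,
                      "routes": [("10.106.121.0/24", "direct"),
                                 ("10.106.99.0/24", "direct")] + back_gw},
        "remote-host": {"addrs": ["10.106.99.5"], "forward": False, "routes": [
            ("10.106.99.0/24", "direct"),
            ("10.106.121.0/24", "10.106.99.1")] + back_host},
    }
```

With `topology(False)` the request from 192.168.0.10 arrives but the reply stops at the remote host for lack of a route, while a reply addressed to the firewall's own 10.106.121.2 address is delivered, which matches the firewall being able to ping the remote network itself. `topology(True)` adds the return routes on the remote side and the reply then reaches the LAN host.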

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users