Hello, I use Shorewall version 4.0.6.
Our LAN is composed of 2 subnetworks. One 192.9.200.x is "local", directly connected to our firewall (192.9.200.200). Access from this sublan to internet works fine (zone named "LAN")

192.9.200.0 -> 192.9.200.200 (fw) -> NET

The other LAN is distant (10.44.40.0/24), connected through a WAN (local router address is 192.9.200.100, remote router address is 10.44.40.250)

I've followed the "Routing on one interface" web page. I've added the routes on both sides, and tested:

(remote LAN to router) Ping from 10.44.40.105 to 10.44.40.250: OK
(remote LAN to LAN) Ping from 10.44.40.105 to 192.9.200.150: OK
(remote LAN to firewall) Ping from 10.44.40.105 to 192.9.200.200: OK
(firewall to remote LAN) Ping from 192.9.200.200 to 10.44.40.105: OK
(LAN to internet) Ping from 192.9.200.150 to www.google.fr: OK
(remote LAN to internet) Ping from 10.44.40.105 to www.google.fr: NOK (nslookup is fine)

Default route from 10.44.40.105 is 192.9.200.200
Static route from 10.44.40.105 to 192.9.*.* is 10.44.40.250

File RULES:

#ZONE   TYPE      OPTIONS   IN        OUT
#                           OPTIONS   OPTIONS
fw      firewall
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
lan     ipv4
net     ipv4
road    ipv4

File ZONES:

#ZONE   INTERFACE   BROADCAST   OPTIONS
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
road    tun+
lan     eth0        detect      routeback
net     eth2        detect

netstat from firewall:

r...@firewall:/etc/shorewall# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.8.1.2        0.0.0.0         255.255.255.255 UH        0 0          0 tun0
62.160.136.184  0.0.0.0         255.255.255.248 U         0 0          0 eth2
10.44.40.0      192.9.200.100   255.255.255.0   UG        0 0          0 eth0
10.8.1.0        10.8.1.2        255.255.255.0   UG        0 0          0 tun0
192.9.200.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
0.0.0.0         62.160.136.190  0.0.0.0         UG        0 0          0 eth2

r...@firewall:/etc/shorewall# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:50:bf:06:78:69
          inet addr:192.9.200.200  Bcast:192.9.200.255  Mask:255.255.255.0
          inet6 addr: fe80::250:bfff:fe06:7869/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:44191853 errors:0 dropped:0 overruns:0 frame:0
          TX packets:36440307 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2210954261 (2.0 GB)  TX bytes:110852404 (105.7 MB)
          Interrupt:9 Base address:0xd400

r...@firewall:/etc/shorewall# ifconfig eth2
eth2      Link encap:Ethernet  HWaddr 00:0d:88:72:2b:e6
          inet addr:62.160.136.185  Bcast:62.160.136.191  Mask:255.255.255.248
          inet6 addr: fe80::20d:88ff:fe72:2be6/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:32992212 errors:0 dropped:0 overruns:0 frame:0
          TX packets:23638157 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:4280032358 (3.9 GB)  TX bytes:612454004 (584.0 MB)
          Interrupt:9 Base address:0x2e00

Any idea what could be wrong? Is the default route = firewall correct for the remote PCs? There aren't any "reject" on the firewall logs. I think a route is missing somewhere. I don't want to have a separate zone for each subnet, and as far as I have read the documentation, I don't have to?

Thanks in advance for any help,

Regards,
Laurent Blin