HI!! today All routed traffic pass for L3 cisco. Linux with shorewall only return network how know to L3. But the error persist :(
Cisco L3 is the default GW for all lan networks 192.168.x.x 10.0.x.x ________________________________________ De: Tom Eastep <[email protected]> Enviado: lunes, 17 de febrero de 2014 18:05 Para: [email protected] Asunto: Re: [Shorewall-users] incoming block connections On 2/17/2014 9:32 AM, Tom Eastep wrote: > On 2/17/2014 9:10 AM, Rodrigo Cortes wrote: >> Hi!!! behind firewall exist a Layer 3 cisco, this cisco switch >> routing have default gateway to firewall. Then firewall need send >> routes back to cisco for correct routing process. >> >> is possible some error in this!? > > The Cisco has all of the routes it needs -- it is the other systems in > 192.168.1.0/24 that don't know how to route to 10.*.*.*. > > You might try adding the appropriate routes on your servers > (192.168.1.231, .234 and .239) and see if that helps (although I don't > see why it should). At any rate, it will cut down on the number of > entries in your firewall's connection tracking table. If your 192.168.1.0/24 network is configured using DHCP, you can configure your DHCP server to distribute RFC-3442 routes to the clients. That avoids having to configure routes on each local host manually. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Managing the Performance of Cloud-Based Applications Take advantage of what the Cloud has to offer - Avoid Common Pitfalls. Read the Whitepaper. http://pubads.g.doubleclick.net/gampad/clk?id=121054471&iu=/4140/ostg.clktrk _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
