Re: [Shorewall-users] Clients in subnet A cannot access clients in subnet B

Thu, 30 Jun 2016 07:36:08 -0700 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 06/29/2016 04:59 PM, Thomas Schneider wrote:
> sure... tarball attached.
> 

Several things:

1)  NONE policies are only to be used when *no* traffic is ever         
    expected between the SOURCE and DEST zones. That is why Rules are
    not allowed between zones with a policy of NONE. Since you do want
    to allow some traffic, REJECT would be a better policy. You then
    need to add rules for the traffic you wish to accept.

2)  For Linux traceroute, you need to use the Trcrt macro.

3)  Your ACCEPT rules for all icmp types are not needed.

4)  The configuration in the dump doesn't match the configuration that
    you sent in the tarball with respect to ping. Be sure that
    'shorewall reload -c' compiles and loads your configuration
    successfully.

- -Tom
- -- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJXdSySAAoJEJbms/JCOk0QbegP/1DkQBPsLTBndeaoO69dWjpK
llL6Nipu76v8Zqwx+xAApUIQR5UP49a5v6wVIRpw39Vgq6uEcaJh3DQQNpkk0p1F
ZhNOGgFOZAP8TAt0Ihn91u/B1yR9NME/3r7g2ZY6aS3Omh+rlB3KSVqp19PGZB/c
ykZCMY0nSjA6UNdlKoBraBc4QN+h9iib6yTXRAfhZ/w+p55aSCS/M0aAfPy1Lze+
9Ks7AiJTzRdIYHdjDhv8MDMwKFWLtV7rsR37rG1bXh/ej2NCXsHIj8rB99U5NhTi
ga/WyAl23T0CVgvPxJ1jiZpR5L5thKaVmKBtBBMlhdO4vcXgUNxU7ez/2kI87UMx
QK+D+8UpyAurOvSe1ErNS6iT59eu5JhWdNeJ3J6w7Msm8wbOi8DkiiwKhLLDWYUj
TSudI6dNJtNzh+LjAReNOwasXc+rIRT4EQ22vsvUHAwqVE3eHdHzcnz2WI4sGx/C
MtNyNJ1JDopqDVUxlbMOS1QCxYRDZUPvkyWoxZySGY61Fo+gEmbVPRjQD5V4JVRO
FJDRzmaudXjw+tNdcSnNNmkUbEgWFIsZBDdMTQlBPxkgs1pl+XZOlPcT+WK6FSmI
8OgJgf+9ZZ1LCPWNPmCD+9iYJRTb4WYu/iECT+z8oDll5WZ9MLIaF+iel0c2yIKE
9se5BOWMDszbARuhEj3u
=pKzI
-----END PGP SIGNATURE-----

------------------------------------------------------------------------------
Attend Shape: An AT&T Tech Expo July 15-16. Meet us at AT&T Park in San
Francisco, CA to explore cutting-edge tech and listen to tech luminaries
present their vision of the future. This family event has something for
everyone, including kids. Get more information and register today.
http://sdm.link/attshape
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to