On 1/30/2018 10:54 AM, Bernard Drozd wrote: >>"MASQUERADE should only be used when the DEST interface has a dynamic > IP address. Otherwise, SNAT should be used and should specify the > interface's static address." > So my (/etc/shorewall/snat) configuration should work: > > MASQUERADE 10.10.10.0/24 enp1s0 > MASQUERADE 10.10.11.0/24 enp1s0 >
It refers here to your wan interface. Is your wan interface configured by dhcp (does it get an dinamic IP)? Note that this has nothing to do with your local network. > since LAN (10.10.10.0/24) and WLAN (10.10.11.0/24) addresses are > dynamically assigned by DHCP. > But it doesn't. I can't connect to the internet from LAN and WLAN. I > don't know where a mistake is. > As said on: http://shorewall.org/two-interface.htm#Wireless "Once you have the two-interface setup working ..." Clearly your two-interface setup is not working. So I will ignore the wireless part of this question. What is the content of the following files?: /etc/shorewall/zones /etc/shorewall/interfaces /etc/shorewall/policy /etc/shorewall/rules /etc/shorewall/stoppedrules P.S. Please send through the list. -Matt -- Matt Darfeuille ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users