... "The successor to 'norfc1918' is NULL_ROUTE_RFC1918=Yes in shorewall.conf."

I have tried that, and the only pings I get back are from the 10.0.0.0 subnet. I get the following response after trying to ping a known printer on my network that would otherwise have been accessible:

ping 192.168.3.142
connect: Network is unreachable

How do I make the NULL_ROUTE... keep from excluding other subnets within my own LAN?

Thank you for your help!

--Erik.

------------------------------------------------------------------------------
RSA(R) Conference 2012
Mar 27 - Feb 2
Save $400 by Jan. 27
Register now!
http://p.sf.net/sfu/rsa-sfdev2dev2

On Jan 15, 2012, at 12:37 PM, Erik Mundall wrote:

> ... "The successor to 'norfc1918' is NULL_ROUTE_RFC1918=Yes in shorewall.conf."
>
> I have tried that, and the only pings I get back are from the 10.0.0.0 subnet. I get the following response after trying to ping a known printer on my network that would otherwise have been accessible:
>
> ping 192.168.3.142
> connect: Network is unreachable
>
> How do I make the NULL_ROUTE... keep from excluding other subnets within my own LAN?
>
> Thank you for your help!

You're going to have to forward the output of 'shorewall dump' (as a compressed attachment) in order for us to be able to answer that question.

-Tom

Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

On Jan 15, 2012, at 12:37 PM, Erik Mundall wrote:

> ... "The successor to 'norfc1918' is NULL_ROUTE_RFC1918=Yes in shorewall.conf."
>
> I have tried that, and the only pings I get back are from the 10.0.0.0 subnet. I get the following response after trying to ping a known printer on my network that would otherwise have been accessible:
>
> ping 192.168.3.142
> connect: Network is unreachable

192.168.3.142 is reached using the default gateway. So unless you use your distribution's IP configuration tools to create a specific route to that host via the default gateway, then NULL_ROUTE_RFC1918=Yes will drop packets to/from that host.

Erik, you can't have it both ways. You know that 192.168.3.142 is an RFC 1918 host that is of interest to you, but nothing in the configuration reflects that knowledge (or you can add an entry to /etc/shorewall/routes). On the other hand, there is a route to 10.0.0.0/24, so that network is exempted from being excluded by NULL_ROUTE_RFC1918=Yes.

-Tom

Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
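
The behaviour described in the last reply, modelled as an added example (not part of the thread and not Shorewall's code). It assumes the option installs an "unreachable" route for each RFC 1918 block and that the kernel picks the longest matching prefix; the gateway 10.0.0.1, the interface eth0, the host 10.0.0.25, the test address 198.51.100.7 and the route-line format are constructed.

```python
import ipaddress

# The three RFC 1918 blocks that get a null route.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_routes(text):
    """Parse 'prefix action' lines (constructed format) into (network, action)."""
    routes = []
    for line in text.strip().splitlines():
        prefix, action = line.split(None, 1)
        if prefix == "default":
            prefix = "0.0.0.0/0"
        routes.append((ipaddress.ip_network(prefix), action.strip()))
    return routes

def add_null_routes(routes):
    """Model the option: one 'unreachable' route per RFC 1918 block."""
    present = {net for net, _ in routes}
    return routes + [(n, "unreachable") for n in RFC1918 if n not in present]

def lookup(routes, dest):
    """Longest-prefix match, the rule the kernel uses to pick a route."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if addr in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen)[1] if hits else "unreachable"

def audit(routes, hosts):
    """Map each host to the action it gets once null routes are installed."""
    table = add_null_routes(routes)
    return {h: lookup(table, h) for h in hosts}

# Constructed main table: the thread only says there is a route to 10.0.0.0/24
# and that 192.168.3.142 is reached through the default gateway.
BEFORE = parse_routes("""
default      via 10.0.0.1 dev eth0
10.0.0.0/24  dev eth0
""")
# Same table plus an explicit host route for the printer.
AFTER = BEFORE + parse_routes("192.168.3.142/32 via 10.0.0.1 dev eth0")

HOSTS = ["10.0.0.25", "192.168.3.142", "198.51.100.7"]

if __name__ == "__main__":
    for label, table in (("before", BEFORE), ("after", AFTER)):
        for host, action in audit(table, HOSTS).items():
            print(f"{label:6} {host:15} -> {action}")
```

Running `audit` over the addresses an administrator cares about before enabling the option shows which ones need an explicit route first.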