On Wed, 2004-11-03 at 15:07, Michal wrote:
> Hello list,
> Here is a setup of my network:
>
> eth0 <-> router1 <-> eth2 --- wifi --- eth2 <-> router2 <-> eth0
>              |                                      |
>             eth1                                   eth1
>
> Router1:
> eth0 - Internet connection
> eth1 - Local network (network 10.1.1.0/24)
> eth2 - Wireless AP (network 10.1.10.0/24)
>
> Router2:
> eth0 - Internet connection
> eth1 - Local network (network 10.2.1.0/24)
> eth2 - Wireless client (IP 10.1.10.3)
>
> Router2 is connected wirelessly to Router1. On both these routers there
> is a working setup for ip masquerading, etc. These routers got connected
> recently and now I'm trying to solve a problem how to make it so clients
> in Router1's local network can reach Router2's local network
> (10.1.1.2 -> 10.2.1.2 etc...)
>
> These routers are both running shorewall serving their own local
> network. Router1's both eth1 and eth2 are a part of loc zone.

No -- the hosts *connected through eth1 and eth2* are part of the 'loc'
zone.

> I don't
> know what to add to shorewall configuration to make this routing
> working.
You don't add anything to Shorewall to make routing work -- Shorewall
has nothing to do with routing (except in the narrow case of the
/etc/shorewall/proxyarp file when the HAVEROUTE column contains 'No').

Since intrazone traffic is allowed by default in Shorewall (you don't
say which version you are running but all recent versions work that
way), then if you have no loc->loc policy and no loc->loc rules then you
are all set as far as your Shorewall configuration goes.
> Could someone please help or point me to the right direction?
On router1, you need to add a route to 10.2.1.0/24 with gateway IP = IP
address of router2's eth2.

On router2, you need to add a route to 10.1.1.0/24 with gateway IP = IP
address of router1's eth2.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key