Marc
2003-Sep-21 03:58 UTC
[Shorewall-users] Problems with forwarding between local Subnets
Hi all! I have a tricky problem with forwarding and accessing servers in our local subnets. Maybe I'm just too blind to see the solution and I hope anybody can help me out.

I'm using Shorewall with 3 network cards. I have the zones as follows:

net : ISP
dmz : 10.1.14.0, 255.255.255.0
loc : 10.1.11.0, 255.255.255.0

There are 2 more subnets in the loc (10.1.10.0, 255.255.255.0 and 10.1.12.0, 255.255.255.0). The gateways for the subnets aren't the firewall, but they are also in the loc zone and have the IPs 10.1.11.2 and 10.1.11.3.

If I now try to access a server in the subnet 10.1.10.0 (Apache, ping or something else), and the client is in the subnet 10.1.12.0, it doesn't work. The firewall itself can ping and access all servers in all subnets, but other clients can't.

Before I took the decision to use Shorewall, I used a hardcoded iptables script. At first I had the same problems, but when I modified the routing tables (route.conf, entered the information for the firewall where to find the subnets 10.1.10.0 and 10.1.12.0) and had allowed forwarding, it worked fine. Now, in my new firewall, I have modified the routing tables again, but it seems not to be enough.

I have no idea what the problem is and I would be really glad if anybody can help me there. Sorry for my not perfect English, but I tried my best :-)

Regards from Germany
Marc
Tom Eastep
2003-Sep-21 08:17 UTC
[Shorewall-users] Problems with forwarding between local Subnets
On Sun, 21 Sep 2003, Marc wrote:

> Before I took the decision to use Shorewall, I used a hardcoded iptables
> script. At first I had the same problems, but when I modified the routing tables
> (route.conf, entered the information for the firewall where to find the
> subnets 10.1.10.0 and 10.1.12.0) and had allowed forwarding, it worked fine.
>
> Now, in my new firewall I have modified the routing tables again, but it
> seems not to be enough.
> I have no idea what the problem is and I would be really glad if anybody can
> help me there.

Try setting the 'routeback' option on your local interface in /etc/shorewall/interfaces.

-Tom

PS -- if you would configure your other two routers correctly, this problem wouldn't occur and your performance would be better.

-Tom
-- 
Tom Eastep      \ Shorewall - iptables made easy
Shoreline,       \ http://shorewall.net
Washington USA    \ teastep@shorewall.net
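Tom's suggestion in concrete form, as an added example that is not part of the thread and not Shorewall's own files: a constructed /etc/shorewall/interfaces in the ZONE / INTERFACE / BROADCAST / OPTIONS layout of that era, with routeback on the loc interface, plus a small POSIX shell check that reports whether a given zone's interface line actually carries the option (useful when a config is "modified" but the change did not land where Shorewall reads it). The interface names eth0/eth1/eth2, the other options shown, and the temp-file path are assumptions, not details from Marc's setup.

```shell
#!/bin/sh
# Added example, not from the thread or from Shorewall itself.
# Sample /etc/shorewall/interfaces (columns: ZONE INTERFACE BROADCAST OPTIONS)
# for the three-card layout described above, plus a check for 'routeback'.
# Interface names and the temp path are assumptions.

SAMPLE=${TMPDIR:-/tmp}/shorewall-interfaces.sample

# Constructed sample interfaces file: 'routeback' on the loc interface lets
# packets that arrive on eth2 be forwarded back out eth2, which is what the
# 10.1.12.0 -> firewall -> 10.1.10.0 path needs.
cat > "$SAMPLE" <<'EOF'
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect      norfc1918
dmz     eth1        detect
loc     eth2        detect      routeback
EOF

# has_routeback FILE ZONE
#   exit 0 if the ZONE's interface line lists 'routeback' in its OPTIONS
#   column, 1 otherwise. Comment and blank lines are skipped; options are
#   comma-separated, so 'routeback,dhcp' is matched as well.
has_routeback() {
    awk -v zone="$2" '
        /^[[:space:]]*#/ || NF == 0 { next }
        $1 == zone {
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++) if (opts[i] == "routeback") found = 1
        }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# Report each zone's state when run directly.
for z in net dmz loc; do
    if has_routeback "$SAMPLE" "$z"; then
        echo "$z: routeback set"
    else
        echo "$z: routeback NOT set"
    fi
done
```

routeback only covers the firewall side: the box still needs kernel routes to 10.1.10.0/24 and 10.1.12.0/24 via the two internal routers (10.1.11.2 and 10.1.11.3), which is the route.conf part Marc already did. Tom's PS is the cleaner design: if those two routers carry routes to each other's subnets, the 10.1.10.0/10.1.12.0 traffic never hairpins through the firewall's loc interface at all, so the option is not needed and the firewall is not in the data path.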