I have 17 branch offices connected to my corporate office that need inet access. I have a Shorewall box at my corporate office. All the computers at the corporate office can access the inet just fine, but none of the branches can. The branches can get to the firewall but not through it. It seems like they are not getting NAT'ed or something like that. Can anyone assist?

Blake

--On Tuesday, December 31, 2002 3:05 PM -0600 Parker Blake MIS <bparker@alacare.com> wrote:

> I have 17 branch offices connected to my corporate office that need inet
> access. I have a Shorewall box at my corporate office. All the
> computers at the corporate office can access the inet just fine, but
> none of the branches can. The branches can get to the firewall but not
> through it. It seems like they are not getting NAT'ed or something like
> that. Can anyone assist?

Sure -- as soon as you tell us something about your network topology so we will have some clue about what we're dealing with...

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://shorewall.sf.net
Washington USA  \ teastep@shorewall.net

A while back Andrew Judge posted his topology map so I will use his because it is the same as mine only mine has more sites and all of my sites have /16 networks instead of /24.

http://www.aerobuilders.com/shorewall-dia.html

-----Original Message-----
From: Tom Eastep [mailto:teastep@shorewall.net]
Sent: Tuesday, December 31, 2002 3:12 PM
To: Parker Blake MIS; Shorewall Users List
Subject: Re: [Shorewall-users] WAN MASQ Problem

--On Tuesday, December 31, 2002 3:05 PM -0600 Parker Blake MIS <bparker@alacare.com> wrote:

> I have 17 branch offices connected to my corporate office that need inet
> access. I have a Shorewall box at my corporate office. All the
> computers at the corporate office can access the inet just fine, but
> none of the branches can. The branches can get to the firewall but not
> through it. It seems like they are not getting NAT'ed or something like
> that. Can anyone assist?

Sure -- as soon as you tell us something about your network topology so we will have some clue about what we're dealing with...

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://shorewall.sf.net
Washington USA  \ teastep@shorewall.net

--On Tuesday, December 31, 2002 3:20 PM -0600 Parker Blake MIS <bparker@alacare.com> wrote:

> A while back Andrew Judge posted his topology map so I will use his
> because it is the same as mine only mine has more sites and all of my
> sites have /16 networks instead of /24.
>

Ok -- does your /etc/shorewall/masq file have an entry or set of entries that covers the remote subnets?

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://shorewall.sf.net
Washington USA  \ teastep@shorewall.net

--On Tuesday, December 31, 2002 3:26 PM -0600 Parker Blake MIS <bparker@alacare.com> wrote:

> INTERFACE SUBNET ADDRESS
> eth2 eth0
> # LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
>
> eth2 is my inet interface and eth0 is my local net interface
>

That entry only covers your local machines (as you've discovered).

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://shorewall.sf.net
Washington USA  \ teastep@shorewall.net
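
Added example, not part of the original thread and not Shorewall code: a small Python check of which source networks a masq file covers, modelling an interface name in the SUBNET column as matching only that interface's directly attached subnets (the behaviour Tom describes above). The 10.x.0.0/16 addresses, the CONNECTED table, the sample file contents and the function names are constructed for illustration.

```python
import ipaddress

# Constructed placeholders (assumptions): corporate LAN on eth0, two branch /16s
# reached through a router on the corporate LAN.
CONNECTED = {"eth0": ["10.0.0.0/16"]}   # subnets directly attached per interface
SOURCES = ["10.0.0.0/16", "10.1.0.0/16", "10.2.0.0/16"]

# Layout of the masq file quoted in the thread (constructed copy).
MASQ_BEFORE = """\
#INTERFACE  SUBNET  ADDRESS
eth2        eth0
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
"""

# Same file with one explicit entry per remote subnet (constructed).
MASQ_AFTER = """\
#INTERFACE  SUBNET        ADDRESS
eth2        eth0
eth2        10.1.0.0/16
eth2        10.2.0.0/16
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
"""

def masq_networks(masq_text, out_iface, connected):
    """Return the source networks masqueraded out of out_iface."""
    nets = []
    for line in masq_text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split columns
        if len(fields) < 2 or fields[0] != out_iface:
            continue
        subnet = fields[1]
        if subnet in connected:
            # Interface name: only the subnets attached to that interface,
            # not networks routed through it.
            nets += [ipaddress.ip_network(n) for n in connected[subnet]]
        else:
            # Explicit CIDR entry; a malformed value raises ValueError.
            nets.append(ipaddress.ip_network(subnet))
    return nets

def uncovered(masq_text, out_iface, connected, sources):
    """Return the source subnets that no masq entry for out_iface covers."""
    nets = masq_networks(masq_text, out_iface, connected)
    return [s for s in sources
            if not any(ipaddress.ip_network(s).subnet_of(n) for n in nets)]

if __name__ == "__main__":
    print("before:", uncovered(MASQ_BEFORE, "eth2", CONNECTED, SOURCES))
    print("after: ", uncovered(MASQ_AFTER, "eth2", CONNECTED, SOURCES))
```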