search for: vpn2dmz

...eth1_dynf -d 10.10.0.0/255.255.255.0 -o eth0 -j wlan2all and then I add another host to vpn zone shorewall add eth1:192.0.2.1 vpn Which will generate this ruleset after previous one. - -A eth1_dynf -s 192.0.2.1 -d 10.10.0.0/255.255.255.0 -o eth0 -j vpn2vpn - -A eth1_dynf -s 192.0.2.1 -o eth1 -j vpn2dmz - -A eth1_dynf -s 192.0.2.1 -o eth0 -j vpn2net - -A eth1_dynf -s 192.0.2.1 -o eth1 -j vpn2wlan - -A eth1_dynf -d 192.0.2.1 -o eth1 -j wlan2all Ok. Problem lies here: when a packet comes from 192.0.2.1 and want to go to 10.10.0.1 both in vpn zone, wlan2all zone REJECT policy hits in _before_ vpn2v...

...fice 2 (fail): Shorewall:vpn2loc:ACCEPT: IN=ipsec0 OUT=eth1 MAC=00:02:44:7e:04:0e:00:01:64:db:74:70:08:00 SRC=192.168.1.12 DST=192.168.254.254 LEN=84 TOS=00 PREC=0x00 TTL=62 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=11790 SEQ=1024 Ping from PC at office 1 to office 2 DMZ via VPN (successful): Shorewall:vpn2dmz:ACCEPT: IN=ipsec0 OUT=eth2 MAC=00:02:44:7e:04:0e:00:01:64:db:74:70:08:00 SRC=192.168.1.12 DST=192.168.240.165 LEN=84 TOS=00 PREC=0x00 TTL=62 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=12046 SEQ=256 Ping from PC at office 1 to VLAN 192.168.5.3 at office 2 (fail): Shorewall:vpn2loc:ACCEPT: IN=ipsec0 OUT=e...