Shorewall users - Mar 2002 - shorewall/freeswan

After many trials and tribulations (mostly w/freeswan), I have two networks
(192.168.2.1 and 192.168.3.1) behind identical firewalls. They are running a
2.4.17 kernel, freeswan 1.94dec31, and shorewall 1.2.3. The tunnels come up
fine, and all is mostly well. But while I can ping any machine in either
subnet from any machine in the other subnet, the two subnets are not
behaving as "one happy lan" like I was hoping (see systems in network
neighborhood, etc). One of the varied uses of this tunnel is online gaming
for games that have LAN support but not internet support. But when a game is
started on one subnet, the other subnet does not get the broadcasts that it
is there. I''m not an expert networker so I don''t know if I
have a basic
router, shorewall or ipsec issue. For either of the subnets, the
"other"
subnet is the "gw" zone as suggested in Tom''s config files.
The actual entry
in the interfaces file is:

gw	ipsec0

The example configuration did not have the broadcast field filled in for the
agove entry. Would putting a broadcast mask on this entry solve my problem
or are there other issues here I need to consider?

Steve


*************************************************************************** 
This electronic mail transmission contains confidential and/or privileged 
information intended only for the person(s) named.  Any use, distribution, 
copying or disclosure by another person is strictly prohibited. 
***************************************************************************

After some helpful private answers (thanks Dan) involving samba and a wins
server, I have most things working the way I would like (network
neighborhood, browsing, windows dns, etc.). However, various broadcasting
apps (aka lan gaming) are not able to see each other across the subnets
without specifically targeting them to a given IP. My understanding is that
routers by default do not forward broadcasts across subnets. Since many
games are set up like this I''m wondering if there is a simple
enablement in
Shorewall to allow/force broadcasts on one subnet to be forwarded over the
ipsec interface (interface gw) to the other subnet. Thanks.

Steve

----- Original Message -----
From: "Steven Estes" <steve.estes@sanchez.com>
To: <shorewall-users@shorewall.net>
Sent: Monday, March 04, 2002 2:48 PM
Subject: [Shorewall-users] shorewall/freeswan

> After many trials and tribulations (mostly w/freeswan), I have two
networks
> (192.168.2.1 and 192.168.3.1) behind identical firewalls. They are running
a
> 2.4.17 kernel, freeswan 1.94dec31, and shorewall 1.2.3. The tunnels come
up
> fine, and all is mostly well. But while I can ping any machine in either
> subnet from any machine in the other subnet, the two subnets are not
> behaving as "one happy lan" like I was hoping (see systems in
network
> neighborhood, etc). One of the varied uses of this tunnel is online gaming
> for games that have LAN support but not internet support. But when a game
is
> started on one subnet, the other subnet does not get the broadcasts that
it
> is there. I''m not an expert networker so I don''t know if
I have a basic
> router, shorewall or ipsec issue. For either of the subnets, the
"other"
> subnet is the "gw" zone as suggested in Tom''s config
files. The actual
entry
> in the interfaces file is:
>
> gw ipsec0
>
> The example configuration did not have the broadcast field filled in for
the
> agove entry. Would putting a broadcast mask on this entry solve my problem
> or are there other issues here I need to consider?
>
> Steve
>
>
>
***************************************************************************
> This electronic mail transmission contains confidential and/or privileged
> information intended only for the person(s) named.  Any use, distribution,
> copying or disclosure by another person is strictly prohibited.
>
***************************************************************************
>
>
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@shorewall.net
> http://www.shorewall.net/mailman/listinfo/shorewall-users