thr3ads.net - Shorewall users - [Shorewall-users] Access through gateway [Oct 2002]

If this information is useful, please help other people find it:
Share via:

Klaus Pieper

2002-Oct-08 19:19 UTC

[Shorewall-users] Access through gateway

Hi,

I have a host that is connected with a pointopoint interface through a 
gateway on eth1:

fw/192.168.1.1 <-- eth1:192.168.1.0/25 -->  gw/192.168.1.2 
/192.168.1.130 < -- ptp --> lx390/192.168.1.129

lx390 is defined on fw with route add -host 192.168.1.129 gw 192.168.1.2.
All hosts on eth1 use .1 as default gw.

lx390 can connect to hosts on the internet and the eth1 network, but 
connections from eth1 (except the gateway .2) are blocked.

Oct  8 21:05:00 harpo kernel: Shorewall:FORWARD:REJECT:IN=eth1 OUT=eth1 
SRC=192.168.1.3 DST=192.168.1.129 LEN=48 TOS=0x00 PREC=0x00 TTL=127 
ID=19200 DF PROTO=TCP SPT=1031 DPT=139 WINDOW=8192 RES=0x00 SYN URGP=0
Oct  8 21:06:30 harpo kernel: Shorewall:FORWARD:REJECT:IN=eth1 OUT=eth1 
SRC=192.168.1.105 DST=192.168.1.129 LEN=60 TOS=0x10 PREC=0x00 TTL=63 
ID=37539 DF PROTO=TCP SPT=32768 DPT=23 WINDOW=5840 RES=0x00 CWR ECE SYN 
URGP=0

How can I define a FORWARD rule 192.168.1.0/25 -> 192.168.1.129?

Thanks in advance
Klaus Pieper


/etc/shorewall/hosts
loc     eth1:192.168.1.0/25
loc     eth1:192.168.1.129

/etc/shorewall/masq
ppp0    192.168.1.0/25
ppp0    192.168.1.129
ippp0   eth1

Tom Eastep

2002-Oct-08 19:32 UTC

head link

[Shorewall-users] Access through gateway

Klaus Pieper wrote:> Hi,
> 
> I have a host that is connected with a pointopoint interface through a 
> gateway on eth1:
> 
> fw/192.168.1.1 <-- eth1:192.168.1.0/25 -->  gw/192.168.1.2 
> /192.168.1.130 < -- ptp --> lx390/192.168.1.129
> 
> lx390 is defined on fw with route add -host 192.168.1.129 gw 192.168.1.2.
> All hosts on eth1 use .1 as default gw.
> 
> lx390 can connect to hosts on the internet and the eth1 network, but 
> connections from eth1 (except the gateway .2) are blocked.
> 
> Oct  8 21:05:00 harpo kernel: Shorewall:FORWARD:REJECT:IN=eth1 OUT=eth1 
> SRC=192.168.1.3 DST=192.168.1.129 LEN=48 TOS=0x00 PREC=0x00 TTL=127 
> ID=19200 DF PROTO=TCP SPT=1031 DPT=139 WINDOW=8192 RES=0x00 SYN URGP=0
> Oct  8 21:06:30 harpo kernel: Shorewall:FORWARD:REJECT:IN=eth1 OUT=eth1 
> SRC=192.168.1.105 DST=192.168.1.129 LEN=60 TOS=0x10 PREC=0x00 TTL=63 
> ID=37539 DF PROTO=TCP SPT=32768 DPT=23 WINDOW=5840 RES=0x00 CWR ECE SYN 
> URGP=0
> 
> How can I define a FORWARD rule 192.168.1.0/25 -> 192.168.1.129?
> 
Add a loc->loc policy of ACCEPT and set the ''multi'' option
on eth1 in
/etc/shorewall/interfaces.

-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net

Shorewall users - Oct 2002 - Access through gateway

[Shorewall-users] Access through gateway

[Shorewall-users] Access through gateway