I have a client that is using shorewall version 1.4.8 with two interfaces and standard policy. They asked me to help them troubleshoot a problem with an internal static route. The customer wants all internal requests for the network 192.168.128.0/24 to be forwarded to 10.0.0.228/192.168.128.1, a machine on their internal network. The problem is that when I try and traceroute to 192.168.128.1 from inside the network or from the firewall I get the following message "traceroute to 192.168.128.1 (192.168.128.1), 30 hops max, 38 byte packets," then it times out. I can both traceroute and ping 10.0.0.228 from the network and the firewall.

After doing some research and trying various configurations, I am at a loss. Any help would be greatly appreciated. All other features of the firewall are working perfectly. Any help would be greatly appreciated.

Thanks.

David Fair
dfair@circuitryman.com

Shorewall version 1.4.8

1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:0c:f1:a4:e3:5b brd ff:ff:ff:ff:ff:ff
    inet 64.30.209.239/24 brd 64.30.209.255 scope global eth0
    inet 64.30.209.241/24 brd 64.30.209.255 scope global secondary eth0
    inet 64.30.209.240/24 brd 64.30.209.255 scope global secondary eth0
    inet 64.30.209.243/24 brd 64.30.209.255 scope global secondary eth0
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:04:75:a0:6b:98 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.1/24 brd 10.0.0.255 scope global eth1

192.168.128.0/24 via 10.0.0.228 dev eth1
10.0.0.0/24 dev eth1 scope link
64.30.209.0/24 dev eth0 scope link
169.254.0.0/16 dev eth1 scope link
127.0.0.0/8 dev lo scope link
default via 64.30.209.254 dev eth0

Hi David,

> machine on their internal network. The problem is that when I try and
> traceroute to 192.168.128.1 from inside the network or from the firewall I
> get the following message "traceroute to 192.168.128.1 (192.168.128.1), 30
> hops max, 38 byte packets," then it times out.

Try adding this line to your /etc/Shorewall/hosts file

-
loc eth1:192.168.128.0/24
-

Regards
Sascha

-------------------------------------------------------
Sascha Knific          K Systems & Design
Tel. +49-8151-773260   Wittelsbacherstr. 6a
Fax. +49-8151-773262   82319 Starnberg, Germany
knific@k-sysdes.net    http://www.k-sysdes.net

Thanks for the info, I will give it a try.

Some interesting additional information: if I traceroute to any address on the 192.168.128.0 network, other than 192.168.128.1, the traceroute works and passes through the 10.0.0.228 gateway.

Thanks again.

David

-----Original Message-----
From: shorewall-users-bounces@lists.shorewall.net [mailto:shorewall-users-bounces@lists.shorewall.net] On Behalf Of Sascha Knific
Sent: Friday, April 02, 2004 2:12 AM
To: ''Mailing List for Shorewall Users''
Subject: AW: [Shorewall-users] static route

Hi David,

> machine on their internal network. The problem is that when I try and
> traceroute to 192.168.128.1 from inside the network or from the firewall I
> get the following message "traceroute to 192.168.128.1 (192.168.128.1), 30
> hops max, 38 byte packets," then it times out.

Try adding this line to your /etc/Shorewall/hosts file

-
loc eth1:192.168.128.0/24
-

Regards
Sascha

_______________________________________________
Shorewall-users mailing list
Post: Shorewall-users@lists.shorewall.net
Subscribe/Unsubscribe: https://lists.shorewall.net/mailman/listinfo/shorewall-users
Support: http://www.shorewall.net/support.htm
FAQ: http://www.shorewall.net/FAQ.htm

> Some interesting additional information: if I traceroute to any address on
> the 192.168.128.0 network, other than 192.168.128.1, the traceroute works
> and passes through the 10.0.0.228 gateway.

Can you ping to 192.168.128.1?

Sascha

> -----Original Message-----
> From: shorewall-users-bounces@lists.shorewall.net [mailto:shorewall-users-bounces@lists.shorewall.net] On Behalf Of David Fair, Jr.
> Sent: Friday, 2 April 2004 12:56
> To: ''Mailing List for Shorewall Users''
> Subject: RE: [Shorewall-users] static route
>
> Thanks for the info, I will give it a try.
>
> Some interesting additional information: if I traceroute to any address on
> the 192.168.128.0 network, other than 192.168.128.1, the traceroute works
> and passes through the 10.0.0.228 gateway.
>
> Thanks again.
>
> David
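
Added example, not part of the original thread and not Shorewall's own code: a longest-prefix-match lookup over the "ip route" output posted in the first message, plus a check of which addresses the hosts-file entry from the reply covers on eth1. It shows that the firewall's routing table selects the same route (via 10.0.0.228 on eth1) for 192.168.128.1 as for any other address in 192.168.128.0/24. The address 192.168.128.50 and all function names are constructed for illustration.

```python
import ipaddress

# "ip route" output as posted in the original message.
ROUTES_TEXT = """\
192.168.128.0/24 via 10.0.0.228 dev eth1
10.0.0.0/24 dev eth1 scope link
64.30.209.0/24 dev eth0 scope link
169.254.0.0/16 dev eth1 scope link
127.0.0.0/8 dev lo scope link
default via 64.30.209.254 dev eth0
"""
# Hosts-file entry suggested in the reply.
HOSTS_TEXT = "loc eth1:192.168.128.0/24\n"

def parse_routes(text):
    """Parse 'ip route' lines into (network, gateway, device) tuples."""
    routes = []
    for fields in (line.split() for line in text.splitlines() if line.strip()):
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        opts = dict(zip(fields[1::2], fields[2::2]))  # via/dev/scope pairs
        routes.append((ipaddress.ip_network(dest), opts.get("via"), opts.get("dev")))
    return routes

def lookup(routes, address):
    """Longest-prefix match for a destination; returns (gateway, device)."""
    ip = ipaddress.ip_address(address)
    matches = [r for r in routes if ip in r[0]]
    if not matches:
        return None
    _, via, dev = max(matches, key=lambda r: r[0].prefixlen)
    return via, dev

def parse_hosts(text):
    """Parse 'ZONE INTERFACE:NETWORK' entries (the form used in the reply)."""
    entries = []
    for line in text.splitlines():
        if line.strip() and not line.lstrip().startswith("#"):
            zone, host = line.split()[:2]
            iface, net = host.split(":", 1)
            entries.append((zone, iface, ipaddress.ip_network(net)))
    return entries

def zones_for(entries, iface, address):
    """Zones whose hosts entry covers this address on this interface."""
    ip = ipaddress.ip_address(address)
    return [zone for zone, i, net in entries if i == iface and ip in net]

if __name__ == "__main__":
    routes, hosts = parse_routes(ROUTES_TEXT), parse_hosts(HOSTS_TEXT)
    # 192.168.128.50 is a constructed address standing in for "any other host".
    for target in ("192.168.128.1", "192.168.128.50", "10.0.0.228"):
        via, dev = lookup(routes, target)
        print(target, "via", via, "dev", dev, "zones", zones_for(hosts, dev, target))
```

On a live system, "ip route get 192.168.128.1" reports the kernel's own answer to the same lookup.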