Hi Tom,

Thank you for your quick reply.
I applied the changes as you suggested, and now users can
communicate with each other. Thank you very much.

I have just one additional question regarding the
PKTTYPE=No variable.
I didn't find it in shorewall.conf, so I simply added it
at the end of the conf file (above #Last line :-) ). So the
question is: is it a standard feature of Shorewall, and
from which version is it available?

From your reply it seems that the problem is somewhere in
iptables/netfilter. What do you suggest I check?

Thank you very much.

Best Regards
Dominik

-----Original Message-----
From: shorewall-users-bounces@lists.shorewall.net [shorewall-users-bounces@lists.shorewall.net] On Behalf Of Tom Eastep
Sent: Monday, September 27, 2004 1:03 AM
To: Mailing List for Shorewall Users
Subject: Re: [Shorewall-users] routing between networks on same interface

litin@unhfree.net wrote:
|
| In time of migration to new Shorewall version I leave same configuration file,
| but from that time any communication between users located on same ap isn't
| allowed:
|
| Sep 26 20:45:45 weedle Shorewall:FORWARD:REJECT: IN=eth0 OUT=eth0 MAC=00:50:fc:3a:02:9b:00:e0:98:be:7d:0f:08:00 SRC=192.168.140.198 DST=192.168.140.230 LEN=60 TOS=00 PREC=0x00 TTL=126 ID=58717 CE PROTO=ICMP TYPE=8 CODE=0 ID=38899 SEQ=34560

You need to specify 'routeback' on each of the 'ap' entries in
/etc/shorewall/hosts.

|
| Also with same configuration I am finding in shorewall log some
| broadcast/multicast REJECT which was not present in past:
|
| Jan 1 01:00:00 square Shorewall:OUTPUT:REJECT: IN= OUT=eth0 MAC= SRC=192.168.144.217 DST=224.0.0.5 LEN=64 TOS=00 PREC=0x00 TTL=1 ID=62155 CE PROTO=0
|

Try setting PKTTYPE=No in shorewall.conf. The Netfilter pkttype match
feature seems to fail to identify some broadcast/multicast packets.

-Tom
--
Tom Eastep     \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ lists.shorewall.net/teastep.pgp.key
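
Added example, not part of the original messages and not Shorewall code: a small Python triage script that sorts Shorewall log entries into the two symptoms discussed in this thread, forwarded traffic rejected on the same interface it arrived on (the 'routeback' case) and rejects to multicast or limited-broadcast destinations (the PKTTYPE case). The function names and the third sample line are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: the two log entries quoted in the thread (unwrapped)
# plus one invented, unrelated entry for contrast.
SAMPLE_LOG = """\
Sep 26 20:45:45 weedle Shorewall:FORWARD:REJECT: IN=eth0 OUT=eth0 MAC=00:50:fc:3a:02:9b:00:e0:98:be:7d:0f:08:00 SRC=192.168.140.198 DST=192.168.140.230 LEN=60 TOS=00 PREC=0x00 TTL=126 ID=58717 CE PROTO=ICMP TYPE=8 CODE=0 ID=38899 SEQ=34560
Jan  1 01:00:00 square Shorewall:OUTPUT:REJECT: IN= OUT=eth0 MAC= SRC=192.168.144.217 DST=224.0.0.5 LEN=64 TOS=00 PREC=0x00 TTL=1 ID=62155 CE PROTO=0
Sep 26 20:46:01 weedle Shorewall:net2all:DROP: IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.9 DST=198.51.100.4 LEN=40 TOS=00 PREC=0x00 TTL=240 ID=1 PROTO=TCP SPT=4000 DPT=23
"""

PREFIX = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<action>[^:]+):\s*(?P<rest>.*)")
FIELD = re.compile(r"(\w+)=(\S*)")


def classify(line):
    """Return 'same-interface', 'bcast-mcast', 'other', or None if not a Shorewall entry."""
    m = PREFIX.search(line)
    if not m:
        return None
    fields = {}
    for key, value in FIELD.findall(m.group("rest")):
        fields.setdefault(key, value)  # keep the first ID= (IP header), not the ICMP one
    # Forwarded traffic entering and leaving on one interface: the case the
    # thread resolves with 'routeback' in /etc/shorewall/hosts.
    if m.group("chain") == "FORWARD" and fields.get("IN") and fields.get("IN") == fields.get("OUT"):
        return "same-interface"
    try:
        dst = ipaddress.ip_address(fields.get("DST", ""))
    except ValueError:
        return "other"
    # Multicast or limited-broadcast destination: the case the thread relates
    # to PKTTYPE. Directed broadcasts need the netmask and are not detected.
    if dst.is_multicast or str(dst) == "255.255.255.255":
        return "bcast-mcast"
    return "other"


def summarize(text):
    """Count categories over all Shorewall entries in a log excerpt."""
    return Counter(c for c in map(classify, text.splitlines()) if c is not None)


if __name__ == "__main__":
    for category, count in summarize(SAMPLE_LOG).items():
        print(category, count)
```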