I have a DMZ (eth2: 10.0.100.0) and a LOC1 (eth0: 10.0.0.0) defined on my firewall. On one of the ports on the switch serving LOC1 I now have a router and a switch feeding a bunch of computers with net=10.0.200.0.

While I have defined a route to reach LOC2, I would also like to define a specific zone in order to assign different rules to it.

Is it possible? If yes, what is the syntax of the line to add in the zones file? Is there anything else one should keep in mind in this type of configuration?

Thanks,
Costantino

On Mon, 2004-11-29 at 13:42 -0800, Costantino wrote:
> I have a DMZ (eth2: 10.0.100.0) and a LOC1 (eth0: 10.0.0.0) defined on my firewall.
> On one of the port on the switch serving LOC1 I have now a router and a switch
> feeding a bunch of computers with net=10.0.200.0.
> While I have defined a route to reach LOC2, I would like to define also a specific
> zone in order to assign different rules to it.
> Is it possible ? if yes, what is the syntax of the line to add in the zones file?
> Is there anything else one should keep in mind in this type of configuration?

Please see http://shorewall.net/Multiple_Zones.html

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

To keep the proportion of the drawing, the attached file contains my posting,

Costantino

--- Tom Eastep <teastep@shorewall.net> wrote:
> On Mon, 2004-11-29 at 13:42 -0800, Costantino wrote:
> > I have a DMZ (eth2: 10.0.100.0) and a LOC1 (eth0: 10.0.0.0) defined on my firewall.
> > On one of the port on the switch serving LOC1 I have now a router and a switch
> > feeding a bunch of computers with net=10.0.200.0.
> > While I have defined a route to reach LOC2, I would like to define also a specific
> > zone in order to assign different rules to it.
> > Is it possible ? if yes, what is the syntax of the line to add in the zones file?
> > Is there anything else one should keep in mind in this type of configuration?
>
> Please see http://shorewall.net/Multiple_Zones.html
>
> -Tom

On Wed, 2004-12-01 at 13:46 -0800, Costantino wrote:
> To keep the proportion of the drawing, the attached
> file contains my posting,

If you don't include the information that I ask for at http://shorewall.net/support.htm THEN I CAN'T HELP YOU.

-Tom

Find herein attached the zip file with the required info.

Costantino.

--- Tom Eastep <teastep@shorewall.net> wrote:
> On Wed, 2004-12-01 at 13:46 -0800, Costantino wrote:
> > To keep the proportion of the drawing, the attached
> > file contains my posting,
>
> If you don't include the information that I ask for at
> http://shorewall.net/support.htm THEN I CAN'T HELP YOU.
>
> -Tom

On Wed, 2004-12-01 at 14:26 -0800, Costantino wrote:
> Find herein attached the zip file with the required

Your Shorewall log is telling you why tracepath is failing -- LOOK AT IT. You have to add a rule to allow tracepath traffic.

Aside from that...

The biggest problem with this sort of setup is the asymmetric routing. Traffic from your local LAN to the remote network goes through your firewall while return traffic does not. Look at all of the UNREPLIED entries in your conntrack table.

Your choices are:

1) Add another NIC to your firewall and connect the VPN server to that interface.
2) Alternatively, add a persistent route on each of your local systems to route VPN traffic directly to the VPN server.
3) Or configure the VPN server to gateway all inbound traffic from the local network through the firewall.

I believe J2 has a setup that looks similar to yours -- maybe he can offer additional words of wisdom.

-Tom
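
Added example (not part of the original thread, and not Shorewall code): a small parser that counts how many LOC1-to-LOC2 flows in a conntrack listing are still UNREPLIED, the symptom of the asymmetric routing described in the reply above. The /24 masks, the function names and the sample entries are assumptions constructed for illustration; the entries follow the /proc/net/ip_conntrack layout.

```python
import ipaddress
import re

# Assumed /24 masks; the thread gives only the network addresses.
LOC1 = ipaddress.ip_network("10.0.0.0/24")
LOC2 = ipaddress.ip_network("10.0.200.0/24")

# Constructed sample in /proc/net/ip_conntrack layout (not the poster's status.txt).
SAMPLE = """\
tcp      6 105 SYN_SENT src=10.0.0.21 dst=10.0.200.15 sport=1045 dport=80 [UNREPLIED] src=10.0.200.15 dst=10.0.0.21 sport=80 dport=1045 use=1
tcp      6 98 SYN_SENT src=10.0.0.34 dst=10.0.200.15 sport=1102 dport=22 [UNREPLIED] src=10.0.200.15 dst=10.0.0.34 sport=22 dport=1102 use=1
udp      17 12 src=10.0.0.21 dst=10.0.200.9 sport=1029 dport=53 [UNREPLIED] src=10.0.200.9 dst=10.0.0.21 sport=53 dport=1029 use=1
tcp      6 431990 ESTABLISHED src=10.0.0.21 dst=10.0.100.4 sport=1050 dport=25 src=10.0.100.4 dst=10.0.0.21 sport=25 dport=1050 [ASSURED] use=1
icmp     1 25 src=10.0.0.34 dst=10.0.200.1 type=8 code=0 id=512 [UNREPLIED] src=10.0.200.1 dst=10.0.0.34 type=0 code=0 id=512 use=1
"""

ADDR = re.compile(r"\b(src|dst)=(\S+)")

def parse_entry(line):
    """Return (proto, orig_src, orig_dst, unreplied) or None for unparseable lines."""
    fields = line.split()
    addrs = ADDR.findall(line)
    if not fields or len(addrs) < 2:
        return None
    try:
        # The first src=/dst= pair is the original direction of the flow.
        src = ipaddress.ip_address(addrs[0][1])
        dst = ipaddress.ip_address(addrs[1][1])
    except ValueError:
        return None
    return fields[0], src, dst, "[UNREPLIED]" in fields

def one_way_flows(text, local=LOC1, remote=LOC2):
    """Count tracked local->remote flows and how many never saw a reply."""
    total = unreplied = 0
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        _, src, dst, no_reply = entry
        if src in local and dst in remote:
            total += 1
            unreplied += no_reply
    return total, unreplied

if __name__ == "__main__":
    total, unreplied = one_way_flows(SAMPLE)
    print(f"LOC1 -> LOC2: {unreplied} of {total} tracked flows are UNREPLIED")
```

When nearly every flow toward the remote network is UNREPLIED while flows to other zones show replies, the firewall is seeing only one direction of the conversation, which is what each of the three options in the reply corrects.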