Hi I''m using shorewall 2.1.10 on redhat 9 .. The machine have 2 network card eth1 inside network and eth0 internet(router) I define a static route on the linux system ( route add..) to another router But when I try to ping to the host/router I get "fw kernel : shorewall: forward: reject: in eth1 out=eth1...." Eth1= 192.168.220.254 Route add -net 192.114.122.111 netmask 255.255.255.255 gw 192.168.220.170>From 192.168.220.10 ping to 192.114.122.111 fail ....Help please ... nimrod
2005/5/10, nimrod cohen <nimrod@schieber.net>:> Hi > I''m using shorewall 2.1.10 on redhat 9 ..update your distro(EOL) and upgrade shorewall.> The machine have 2 network card eth1 inside network and eth0 > internet(router) > I define a static route on the linux system ( route add..) to another > router > But when I try to ping to the host/router I get "fw kernel : shorewall: > forward: reject: in eth1 out=eth1...." > > Eth1= 192.168.220.254 > Route add -net 192.114.122.111 netmask 255.255.255.255 gw > 192.168.220.170 > > >From 192.168.220.10 ping to 192.114.122.111 fail .... > > Help please ... >give us a clue about what are you trying to accomplish with that. read the support guidelines http://www.shorewall.net/support.htm
2005/5/15, nimrod cohen <nimrod@schieber.net>:> Hi > The problem is thet the firewall is blocking a static route > Thet is define on the firewall machine .. >Daer Nimrod:>From today,I decided to ignore posts that don''t follow the problemreporting guidelines. http://www.shorewall.net/support.htm#Guidelines sorry,but posts without the needed info are annoying me too much.
Hi The problem is thet the firewall is blocking a static route Thet is define on the firewall machine .. -----Original Message----- From: shorewall-users-bounces@lists.shorewall.net [mailto:shorewall-users-bounces@lists.shorewall.net] On Behalf Of Cristian Rodriguez Sent: Tuesday, May 10, 2005 9:48 PM To: Mailing List for Shorewall Users Subject: Re: [Shorewall-users] static route problem 2005/5/10, nimrod cohen <nimrod@schieber.net>:> Hi > I''m using shorewall 2.1.10 on redhat 9 ..update your distro(EOL) and upgrade shorewall.> The machine have 2 network card eth1 inside network and eth0 > internet(router) > I define a static route on the linux system ( route add..) to another > router > But when I try to ping to the host/router I get "fw kernel :shorewall:> forward: reject: in eth1 out=eth1...." > > Eth1= 192.168.220.254 > Route add -net 192.114.122.111 netmask 255.255.255.255 gw > 192.168.220.170 > > >From 192.168.220.10 ping to 192.114.122.111 fail .... > > Help please ... >give us a clue about what are you trying to accomplish with that. read the support guidelines http://www.shorewall.net/support.htm _______________________________________________ Shorewall-users mailing list Post: Shorewall-users@lists.shorewall.net Subscribe/Unsubscribe: https://lists.shorewall.net/mailman/listinfo/shorewall-users Support: http://www.shorewall.net/support.htm FAQ: http://www.shorewall.net/FAQ.htm
nimrod cohen wrote:> Hi > The problem is thet the firewall is blocking a static route > Thet is define on the firewall machine .. > >>From your original post, it sounded like your situation is covered athttp://shorewall.net/Multiple_Zones.html. I sent you a link to that article which includes some simple instructions to make internal routers work. You neither acknowledged that off-list post nor have you given us any additional clues as to what your network looks like. So I''m with Cristian -- either show us what you''ve done (follow the guidelines that Cristian referred you to) or go away because we''re not going to solve your problem if all we have to go on are non sequiturs like "the firewall is blocking a static route". -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
SOLVE .. Thanks .. i had to declare a second zone .. it solve the problem ... -----Original Message----- From: shorewall-users-bounces@lists.shorewall.net [mailto:shorewall-users-bounces@lists.shorewall.net] On Behalf Of Tom Eastep Sent: Sunday, May 15, 2005 3:34 PM To: Mailing List for Shorewall Users Subject: Re: [Shorewall-users] static route problem nimrod cohen wrote:> Hi > The problem is thet the firewall is blocking a static route > Thet is define on the firewall machine .. > >>From your original post, it sounded like your situation is covered athttp://shorewall.net/Multiple_Zones.html. I sent you a link to that article which includes some simple instructions to make internal routers work. You neither acknowledged that off-list post nor have you given us any additional clues as to what your network looks like. So I''m with Cristian -- either show us what you''ve done (follow the guidelines that Cristian referred you to) or go away because we''re not going to solve your problem if all we have to go on are non sequiturs like "the firewall is blocking a static route". -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key _______________________________________________ Shorewall-users mailing list Post: Shorewall-users@lists.shorewall.net Subscribe/Unsubscribe: https://lists.shorewall.net/mailman/listinfo/shorewall-users Support: http://www.shorewall.net/support.htm FAQ: http://www.shorewall.net/FAQ.htm
Hi The problem is thet the firewall is blocking a static route Thet is define on the firewall machine ..> Eth1= 192.168.220.254 > Route add -net 192.114.122.111 netmask 255.255.255.255 gw > 192.168.220.170 ><snip>> >From 192.168.220.10 ping to 192.114.122.111 fail .... > > Help please ... >give us a clue about what are you trying to accomplish with that. read the support guidelines http://www.shorewall.net/support.htm Is 192.114.122.111 defined in shorewall anywhere? Hint check out "interfaces" "zones" and "hosts" in the docs. If you''re still having issues, Please post the requested information... Jerry