Hello,

I have one Linux router in my network. On eth1 I have two IP ranges. One is private (172.16.0.0) and the second one is public (195.113.0.0). I have a problem pinging from a computer with a private address to a server that has a public address. From my router I'm able to ping both computers, which is why I think the problem is in Shorewall (3.0.5).

Here is my routing table:

195.113.some.think/30 dev eth0 proto kernel scope link src 195.113.any.think
195.113.public.ip/29 dev eth1 proto kernel scope link src 195.113.another.ip
172.16.0.0/27 dev eth1 proto kernel scope link src 172.16.0.1
192.168.1.0/24 dev eth2 proto kernel scope link src 192.168.1.1
192.168.10.0/24 via 195.113.101.209 dev eth0
172.16.0.0/16 via 172.16.0.30 dev eth1
default via 195.113.gate.wayip dev eth0

How should Shorewall be set up when I have two different IP ranges on one interface? Should there be one zone for each IP range?

Thanks for help

Hello,
here are more debug details. Sorry for posting twice.
I'm not able to ping from station 172.16.0.14 to server 195.113.101.221 through the router running Shorewall 3.0.5.
The router can ping both station and server, but when I try to traceroute the server I receive this:

traceroute 195.113.101.221
traceroute to 195.113.101.221 (195.113.101.221), 30 hops max, 38 byte packets
traceroute: sendto: Operation not permitted
 1 traceroute: wrote 195.113.101.221 38 chars, ret=-1
honza (195.113.101.217) 0.516 mstraceroute: sendto: Operation not permitted
traceroute: wrote 195.113.101.221 38 chars, ret=-1
 0.415 mstraceroute: sendto: Operation not permitted
traceroute: wrote 195.113.101.221 38 chars, ret=-1
 0.415 ms

Thanks for help

Jiří Červenka wrote:
> Hello,
> here is more debug details. Sorry for posting twice.
> I'm not able to ping from station 172.16.0.14 to server 195.113.101.221
> through router running shorewall 3.0.5.
> Router can ping both station and server, but when I try to traceroute
> the server I receive this:

Set 'routeback' for eth1 in /etc/shorewall/interfaces. And *fix your logging setup*! I don't know where 'Shorewall' messages are being logged but the LOGFILE variable in /etc/shorewall/shorewall.conf isn't set to point to that file.

If you had been looking at your log, with the help of Shorewall FAQ 17 you would have been able to easily solve this problem.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
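
An added example, not part of the original thread and not Shorewall's own code: a small check that reads `ip route` output and an /etc/shorewall/interfaces file and reports interfaces that have more than one network behind them but lack the 'routeback' option recommended above. The sample routes, addresses, zone names and function names are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed `ip route` output modelled on the thread's layout (placeholder
# addresses): eth1 carries a public /29 and a private /27.
SAMPLE_ROUTES = """\
198.51.100.0/30 dev eth0 proto kernel scope link src 198.51.100.2
203.0.113.216/29 dev eth1 proto kernel scope link src 203.0.113.217
172.16.0.0/27 dev eth1 proto kernel scope link src 172.16.0.1
192.168.1.0/24 dev eth2 proto kernel scope link src 192.168.1.1
172.16.0.0/16 via 172.16.0.30 dev eth1
default via 198.51.100.1 dev eth0
"""

# Constructed /etc/shorewall/interfaces; zone names and options are assumptions.
SAMPLE_INTERFACES = """\
#ZONE  INTERFACE  BROADCAST  OPTIONS
net    eth0       detect
loc    eth1       detect
dmz    eth2       detect     tcpflags
"""

def networks_per_interface(route_text):
    """Map each device to the set of non-default networks routed out of it."""
    nets = defaultdict(set)
    for line in route_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] == "default" or "dev" not in fields:
            continue
        dev_idx = fields.index("dev") + 1
        if dev_idx < len(fields):
            nets[fields[dev_idx]].add(ipaddress.ip_network(fields[0], strict=False))
    return nets

def interface_options(interfaces_text):
    """Map each interface to its option set (ZONE INTERFACE BROADCAST OPTIONS)."""
    opts = {}
    for line in interfaces_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(fields) >= 2:
            opts[fields[1]] = set(fields[3].split(",")) if len(fields) > 3 else set()
    return opts

def missing_routeback(route_text, interfaces_text):
    """Interfaces with several networks behind them but no 'routeback' option."""
    opts = interface_options(interfaces_text)
    return sorted(dev for dev, nets in networks_per_interface(route_text).items()
                  if len(nets) > 1 and "routeback" not in opts.get(dev, set()))

if __name__ == "__main__":
    for dev in missing_routeback(SAMPLE_ROUTES, SAMPLE_INTERFACES):
        print(f"{dev}: multiple networks, add 'routeback' in /etc/shorewall/interfaces")
```

The count of networks per interface is a heuristic: it flags interfaces where forwarded traffic can enter and leave on the same device, which is the case described in this thread.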

Thank you very much. It works fine now. You are doing a great job.
Have a nice day.

Tom Eastep wrote:
> Jiří Červenka wrote:
>
>> Hello,
>> here is more debug details. Sorry for posting twice.
>> I'm not able to ping from station 172.16.0.14 to server 195.113.101.221
>> through router running shorewall 3.0.5.
>> Router can ping both station and server, but when I try to traceroute
>> the server I receive this:
>>
>
> Set 'routeback' for eth1 in /etc/shorewall/interfaces. And *fix your
> logging setup*! I don't know where 'Shorewall' messages are being logged
> but the LOGFILE variable in /etc/shorewall/shorewall.conf isn't set to
> point to that file.
>
> If you had been looking at your log, with the help of Shorewall FAQ 17
> you would have been able to easily solve this problem.
>
> -Tom
>