Hi all,
I've got a funky network configuration going with Shorewall, with
some very weird zone overlaps. I've linked a diagram of the config,
which should be self explanatory. It's working, but not as intended.
http://host.heavyrevolution.com/double.jpeg
The intent of this config is to be able to control traffic as if the
gateway router were not offsite by using tcrules on the bridge. And
additionally, to provide a way to monitor all traffic in and out of the
system as a whole with your usual crop of sniffing software. As another
advantage, I am able to maintain server connectivity should the router
box need to be taken offline using spanning tree as a failover (Not in
diagram).
This has worked fairly well when the bridge and the NAT duties were
on separate boxes. But I'm trying to "unify" a couple of small boxes
onto a big box (which creates a config which is a no brainer on separate
hardware.... buuut)
Leaving the traffic shaping *out* of this inquiry, I'm getting a lot
of these errors:
Apr 22 04:17:35 lan kernel: Performing cross-bridge DNAT requires IP
forwarding to be enabled
IP forwarding *is* enabled, and I'm *not* NAT'd on the bridge.
I'm thinking this is a zone hosts issue which for some reason my
mind hasn't gotten... I have not defined any zone hosts.
Comments? Anyone tried to pull this off?
--
cozzi@cozziconsulting.com
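The check a practitioner would run before digging into zone hosts, added here as an example and not part of the original post: the kernel message above is printed by the bridge netfilter code when a DNAT'd frame has to leave the bridge by routing, and that code consults the forwarding setting of the ingress device, not only the global net.ipv4.ip_forward knob (the per-device check is my reading of the 2.6 br_netfilter code and worth confirming against the kernel in use). The script below lists every knob involved: the global and per-interface IPv4 forwarding settings and net.bridge.bridge-nf-call-iptables, which is what makes bridged frames visible to the iptables nat table in the first place. The bridge name br0 and the optional root prefix (used so the function can be exercised against a constructed /proc tree) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post: show the sysctl knobs that
# bridge netfilter needs before it will DNAT a frame off the bridge.
#
# check_forwarding [ROOT] [BRIDGE]
#   ROOT   prefix in front of /proc/sys (empty = live system; a constructed
#          tree in tests)
#   BRIDGE bridge interface name (br0 is an assumed default)
# Prints one line per knob and returns the number of knobs that are not 1,
# so 0 means every prerequisite is satisfied.
check_forwarding() {
    root="${1:-}"
    br="${2:-br0}"
    missing=0
    for key in net/ipv4/ip_forward \
               net/ipv4/conf/all/forwarding \
               "net/ipv4/conf/$br/forwarding" \
               net/bridge/bridge-nf-call-iptables; do
        f="$root/proc/sys/$key"
        if [ -r "$f" ]; then
            val=$(cat "$f")
        else
            # absent means the module (br_netfilter) or interface is not there
            val="absent"
        fi
        printf '%-40s %s\n' "$key" "$val"
        [ "$val" = "1" ] || missing=$((missing + 1))
    done
    return "$missing"
}

# When run as a script, inspect the live system: ./check_bridge_fwd.sh [bridge]
if [ -z "${CHECK_FORWARDING_NO_MAIN:-}" ]; then
    check_forwarding "" "${1:-br0}" || echo "one or more knobs are not set to 1"
fi
```

A value of 1 for net.ipv4.ip_forward alone is not enough: that knob only seeds net.ipv4.conf.all.forwarding and the per-interface entries at the time it is written, so an interface that came up later (a bridge created by Shorewall or by the distribution's bridge scripts) may still carry forwarding=0 and trigger exactly this kernel message.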