Dear Member,

I have this network topology:

Host-1 - Shorewall-1
10.250.0.1/24
      |
      |
10.250.0.27/24
Host-2 - Shorewall-2
192.168.50.1/24
      |
      |
192.168.50.2/24
Gateway
10.0.0.15/24
      |
      |
10.0.0.x/24
LAN

Can anybody help me with Shorewall routing from Host-1 to the Gateway/LAN segment?

I tested adding routes from the command line on Host-1:

[root@host-1 shorewall]# route add -net 192.168.50.0/24 gw 10.250.0.27
[root@host-1 shorewall]# route add -net 10.0.0.0/24 gw 10.250.0.27

[root@host-1 shorewall]# ping 192.168.50.1
PING 192.168.50.1 (192.168.50.1) 56(84) bytes of data.
64 bytes from 192.168.50.1: icmp_seq=1 ttl=64 time=7.67 ms
64 bytes from 192.168.50.1: icmp_seq=2 ttl=64 time=6.67 ms
^C

[root@vpn01 shorewall]# ping 10.0.0.15
PING 10.0.0.15 (10.0.0.15) 56(84) bytes of data.
64 bytes from 10.0.0.15: icmp_seq=1 ttl=63 time=561 ms
64 bytes from 10.0.0.15: icmp_seq=2 ttl=63 time=8.18 ms
^C

So, my question is: how do I add routing with Shorewall?

Thanks,
Rico

------------------------------------------------------------------------------
Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference

I don't think you would want to use Shorewall for the routing. Configure this in your OS and then set policy in Shorewall to filter the traffic as you see fit.

On 10/25/09, GNULinux <gnulyn@gmail.com> wrote:
> Dear Member,
>
> I have this network topology:
>
> Host-1 - Shorewall-1
> 10.250.0.1/24
>       |
>       |
> 10.250.0.27/24
> Host-2 - Shorewall-2
> 192.168.50.1/24
>       |
>       |
> 192.168.50.2/24
> Gateway
> 10.0.0.15/24
>       |
>       |
> 10.0.0.x/24
> LAN
>
> Can anybody help me with Shorewall routing from Host-1 to the Gateway/LAN
> segment?
>
> I tested adding routes from the command line on Host-1:
>
> [root@host-1 shorewall]# route add -net 192.168.50.0/24 gw 10.250.0.27
> [root@host-1 shorewall]# route add -net 10.0.0.0/24 gw 10.250.0.27
>
> [root@host-1 shorewall]# ping 192.168.50.1
> PING 192.168.50.1 (192.168.50.1) 56(84) bytes of data.
> 64 bytes from 192.168.50.1: icmp_seq=1 ttl=64 time=7.67 ms
> 64 bytes from 192.168.50.1: icmp_seq=2 ttl=64 time=6.67 ms
> ^C
>
> [root@vpn01 shorewall]# ping 10.0.0.15
> PING 10.0.0.15 (10.0.0.15) 56(84) bytes of data.
> 64 bytes from 10.0.0.15: icmp_seq=1 ttl=63 time=561 ms
> 64 bytes from 10.0.0.15: icmp_seq=2 ttl=63 time=8.18 ms
> ^C
>
> So, my question is: how do I add routing with Shorewall?
>
> Thanks,
> Rico
>

-- 
Sent from my mobile device

Dear Baron,

Thanks for the reply.
I want to add the routing table with Shorewall, not from the command line in a console.

My policy status for host-1, host-2 and gateway is accept.

Thanks,
Rico

Red Baron wrote:
> I don't think you would want to use Shorewall for the routing.
> Configure this in your OS and then set policy in Shorewall to filter
> the traffic as you see fit.
>
> On 10/25/09, GNULinux <gnulyn@gmail.com> wrote:
>
>> Dear Member,
>>
>> I have this network topology:
>>
>> Host-1 - Shorewall-1
>> 10.250.0.1/24
>>       |
>>       |
>> 10.250.0.27/24
>> Host-2 - Shorewall-2
>> 192.168.50.1/24
>>       |
>>       |
>> 192.168.50.2/24
>> Gateway
>> 10.0.0.15/24
>>       |
>>       |
>> 10.0.0.x/24
>> LAN
>>
>> Can anybody help me with Shorewall routing from Host-1 to the Gateway/LAN
>> segment?
>>
>> I tested adding routes from the command line on Host-1:
>>
>> [root@host-1 shorewall]# route add -net 192.168.50.0/24 gw 10.250.0.27
>> [root@host-1 shorewall]# route add -net 10.0.0.0/24 gw 10.250.0.27
>>
>> [root@host-1 shorewall]# ping 192.168.50.1
>> PING 192.168.50.1 (192.168.50.1) 56(84) bytes of data.
>> 64 bytes from 192.168.50.1: icmp_seq=1 ttl=64 time=7.67 ms
>> 64 bytes from 192.168.50.1: icmp_seq=2 ttl=64 time=6.67 ms
>> ^C
>>
>> [root@vpn01 shorewall]# ping 10.0.0.15
>> PING 10.0.0.15 (10.0.0.15) 56(84) bytes of data.
>> 64 bytes from 10.0.0.15: icmp_seq=1 ttl=63 time=561 ms
>> 64 bytes from 10.0.0.15: icmp_seq=2 ttl=63 time=8.18 ms
>> ^C
>>
>> So, my question is: how do I add routing with Shorewall?
>>
>> Thanks,
>> Rico
>>

gnulyn wrote:
> Dear Baron,
>
> Thanks for the reply.
> I want to add the routing table with Shorewall, not from the command line in a console.
>
> My policy status for host-1, host-2 and gateway is accept.

Baron is trying to tell you that, for the most part, Shorewall doesn't do routing! Shorewall gets involved in routing in two cases:

a) If an entry in /etc/shorewall/proxyarp has NO in the HAVEROUTE column, then Shorewall will add a host route to the external address out of the internal interface (see http://www.shorewall.net/ProxyARP.htm).

b) If you have entries in /etc/shorewall/providers, then Shorewall will set up a routing table for each entry (see http://www.shorewall.net/MultiISP.html). This is NOT a general mechanism for policy routing but is rather sufficient to support multiple internet uplinks as each routing table must contain a default route.

All other routing must be configured using your distribution's networking configuration facilities.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
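
Because the static routes belong in the operating system's network configuration rather than in Shorewall, the sketch below (an added example, not code from the thread or from the Shorewall project) converts the posted `route add` commands into persistent `NET via GW` entries and rejects any gateway that is not on Host-1's directly connected subnet. The function names are hypothetical, and it assumes the distribution's static-route file takes `ip route` argument syntax, as RHEL-style `route-<iface>` files do.

```shell
#!/bin/sh
# Added example: turn legacy `route add -net NET gw GW` commands into
# persistent route entries, refusing gateways that are not on-link.

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# on_link ADDR/PREFIX GW -> succeeds if GW lies in the connected subnet
on_link() (
    addr=${1%/*}; len=${1#*/}
    mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$addr") & mask )) -eq $(( $(ip_to_int "$2") & mask )) ]
)

# persist_routes ADDR/PREFIX  (commands on stdin)
# Prints one "NET via GW" line per accepted route; returns 1 if any
# route was skipped because its gateway is not directly reachable.
persist_routes() {
    rc=0
    while read -r cmd verb flag net kw gw rest; do
        [ "$cmd $verb $flag $kw" = "route add -net gw" ] || continue
        if on_link "$1" "$gw"; then
            echo "$net via $gw"
        else
            echo "skip $net: gateway $gw is not on-link for $1" >&2
            rc=1
        fi
    done
    return $rc
}

# The two commands from the original post; Host-1 is 10.250.0.1/24.
POSTED_ROUTES='route add -net 192.168.50.0/24 gw 10.250.0.27
route add -net 10.0.0.0/24 gw 10.250.0.27'

# Prints the lines to place in the static-route file (assumed format).
demo() { printf '%s\n' "$POSTED_ROUTES" | persist_routes 10.250.0.1/24; }

demo
```

The routes only make Host-1 send the packets to Host-2; whether they are forwarded onward is still decided by the Shorewall zones, policies and rules on Host-2.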