On Tue, 2011-07-26 at 13:59 +0200, Tiemen Ruiten wrote:
> I've got a problem routing traffic through a shorewall firewall server:
> I want to connect two networks, the internal 10.0.0.0/8 of my VPS's at a
> datacenter and my home 192.168.1.0/24 LAN.
>
> I've set up a point-to-point (10.42.1.1 <-> 10.42.1.2) OpenVPN connection
> between my router at home and the shorewall firewall server that should
> act as a gateway for the zone the other VPS is in. I can ping the gw-VPS
> on the OpenVPN endpoint and the local 10.0.0.200 interface, I can even
> ping any host on my home LAN, however I can't connect to the other VPS
> (with address 10.0.1.75).
>
> I've attached the output of shorewall dump. Any thoughts? Thanks in advance.
>
You have defined your dmz network to be enormous:

3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    inet 10.0.0.200/8 brd 10.255.255.255 scope global eth1

If 10.0.1.75 has the same VLSM (e.g., its NIC has address 10.0.1.75/8),
then that host thinks that 10.42.1.2 is on its own LAN and has no idea
that 10.42.1.2 must be routed via 10.0.0.200. So you either must add a
route to 10.42.1.2 via 10.0.0.200 to the VPS's routing table, or you
must come up with a more reasonable IP configuration for your DMZ LAN.
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
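Added worked example (not part of the thread, not Shorewall code): a small model of the next-hop decision Tom describes, i.e. longest-prefix match over a routing table in which each NIC's connected subnet is an on-link route. Addresses are the ones from the thread; the /30 for the tunnel, the /16 used as the "more reasonable" mask, and the default route are assumptions made here for illustration.

```python
"""Why a /8 on the DMZ NIC swallows the VPN peer address.

Added example, not from the mailing-list thread.  Models the kernel's
next-hop choice: longest-prefix match, with the interface's connected
subnet treated as an on-link route.  Addresses come from the thread;
the /30 tunnel prefix, the /16 DMZ mask and the default route are
assumptions.
"""
import ipaddress
from typing import Iterable, List, Optional, Tuple

# A route is (prefix, next hop); next hop None means "directly on the LAN".
Route = Tuple[ipaddress.IPv4Network, Optional[ipaddress.IPv4Address]]


def routing_table(iface_cidr: str,
                  static: Iterable[Tuple[str, str]] = ()) -> List[Route]:
    """Connected route derived from the NIC address plus static (prefix, via) routes."""
    iface = ipaddress.ip_interface(iface_cidr)
    table: List[Route] = [(iface.network, None)]
    for prefix, via in static:
        table.append((ipaddress.ip_network(prefix), ipaddress.ip_address(via)))
    return table


def next_hop(table: List[Route], dest: str) -> str:
    """Longest-prefix match; returns 'on-link' or the gateway address as a string."""
    d = ipaddress.ip_address(dest)
    best: Optional[Route] = None
    for net, via in table:
        if d in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, via)
    if best is None:
        raise LookupError(f"no route to {dest}")
    return "on-link" if best[1] is None else str(best[1])


# 1. The situation in the thread: the VPS NIC is 10.0.1.75/8, so 10.42.1.2
#    sits inside the connected 10.0.0.0/8 and the host ARPs for it on the
#    LAN instead of sending it to 10.0.0.200.  Nobody answers the ARP.
broken = routing_table("10.0.1.75/8")

# 2. Tom's first remedy: keep the /8 but add a more specific route.  A /30
#    covering both tunnel ends (assumed here; a /32 works as well) beats
#    the /8 connected route in longest-prefix match.
host_route = routing_table("10.0.1.75/8",
                           [("10.42.1.0/30", "10.0.0.200")])

# 3. Tom's second remedy: a saner DMZ mask.  /16 (assumed) still keeps
#    10.0.0.200 and 10.0.1.75 on-link with each other, while 10.42.1.2 and
#    the home LAN are now clearly off-link and must go via the gateway.
sane = routing_table("10.0.1.75/16",
                     [("10.42.1.0/30", "10.0.0.200"),
                      ("0.0.0.0/0", "10.0.0.200")])  # default route assumed

if __name__ == "__main__":
    cases = [("/8, no route", broken), ("/8 + /30 route", host_route), ("/16", sane)]
    for name, table in cases:
        print(f"{name:16} 10.42.1.2 -> {next_hop(table, '10.42.1.2')}")
```

On the real VPS the equivalent of case 2 is a static route such as `ip route add 10.42.1.0/30 via 10.0.0.200` (interface and prefix are yours to adjust); case 3 means shrinking the prefix length on the DMZ NIC so that only the DMZ hosts are on-link. In either case, check with `ip route get 10.42.1.2` that the reported next hop is 10.0.0.200 and not the eth1 LAN itself.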