On Thu, 2011-09-01 at 15:12 +0200, claus wrote:
> Hello List,
>
> I got 2 networks (FW1 & FW2) connected via openvpn-bridge both running
> shorewall 4.4.22.3 which works just fine.
Then you actually have one IP network and two LANs which are bridged.
>
> I have added a 2nd openvpn to FW1 where roadwarriors connect and
> roadwarriors can access any machine behind FW1 fine. Though they cannot
> reach any machine on the LAN behind FW2 and I don't get why.
>
> Is there any HowTo/FAQ for the above scenario?
No.
> shorewall-dump from FW1 is here http://pastebin.com/LVrUtdGT
>
>
> Ping from roadwarrior->FW1->FW2->host is seen as localhost by tcpdump in
> FW1, could that be an issue?
Do you have routes to the VPN network configured on FW2? If you don't,
there is no way for the response packets to be routed back to the
roadwarriors.
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
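
The return-route problem described in the reply above, modelled as an added example that is not part of the original thread: a longest-prefix-match lookup over FW2's routing table, before and after a route to the roadwarrior VPN network is added. All addresses, interface names and function names are constructed assumptions; the thread does not give the real ones.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: return (prefix, next_hop, dev) for dst, or None."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in ipaddress.ip_network(r[0])]
    return max(matches, key=lambda r: ipaddress.ip_network(r[0]).prefixlen,
               default=None)

# Constructed addressing (assumptions, not from the thread):
#   192.168.1.0/24  the single IP network bridged between FW1 and FW2
#   192.168.1.1     FW1's address on that bridged network
#   10.8.0.0/24     the roadwarrior VPN network terminated on FW1
#   203.0.113.1     FW2's upstream (internet) gateway
FW2_ROUTES = [
    ("192.168.1.0/24", None, "br0"),        # directly connected bridged LAN
    ("0.0.0.0/0", "203.0.113.1", "eth0"),   # default route to the internet
]
ROADWARRIOR = "10.8.0.6"

def reply_path(table, dst=ROADWARRIOR):
    """Where a router with this table sends a reply addressed to dst."""
    route = lookup(table, dst)
    if route is None:
        return "unreachable"
    _, via, dev = route
    return f"{dev} via {via}" if via else f"{dev} direct"

def with_vpn_route(table):
    """The same table plus a route to the VPN network through FW1."""
    return table + [("10.8.0.0/24", "192.168.1.1", "br0")]

if __name__ == "__main__":
    # Without the route, the reply follows the default route and never
    # reaches FW1, so the roadwarrior sees no answer.
    print("before:", reply_path(FW2_ROUTES))
    # With the route, the reply goes back across the bridge to FW1.
    print("after: ", reply_path(with_vpn_route(FW2_ROUTES)))
```

On a live FW2, `ip route get` followed by a roadwarrior address reports the same decision the kernel would make.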