07-20-2006, 05:43 PM   #1
chris.zeman
LQ Newbie
 
Registered: Jul 2006
Posts: 4

Rep: Reputation: 0
Static Routing results in Shorewall:FORWARD:REJECT


I have been attempting to make this work for the past two days.

I am running SuSE 10.1 with Shorewall and 3 NICs.
eth0: 10.1.10.250 255.255.0.0 (Connects to Router)
eth1: 10.120.2.250 255.255.0.0 (Reserved for a future project)
eth2: 172.16.1.6 255.255.0.0 (Connected to LAN)

This machine is our LAN's internet gateway, among other things. Another server on our network is connected to the company's LAN, and is our department LAN's gateway to the company network. My route has been configured, as shown below.
Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.115.0.0      172.16.xxx.xxx  255.255.0.0     UG    0      0        0 eth2

Unfortunately, none of the computers on our LAN are able to access the 10.115.0.0 network. This is what shows up in the firewall log:
Code:
Jul 20 01:21:56 automation kernel: Shorewall:FORWARD:REJECT:IN=eth2 OUT=eth2 SRC=172.16.x.x DST=10.xxx.x.xx LEN=106 TOS=0x00 PREC=0x00 TTL=127 ID=41313 PROTO=UDP SPT=1066 DPT=161 LEN=86

The routing works if I execute "shorewall clear", so I know I'm at the final hurdle. I've found information on how to Proxy ARP, but a lot of it isn't exactly clear to me or doesn't pertain to my situation. I could be wrong, though. I just need some help.

Thank you,
Chris

Last edited by chris.zeman; 07-21-2006 at 10:05 PM.
 
07-20-2006, 05:57 PM   #2
Matir
Moderator
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Ubuntu
Posts: 8,507

Rep: Reputation: 118
Can you post your firewall rules? It's there that it's being stopped.
 
07-20-2006, 06:39 PM   #3
chris.zeman
LQ Newbie
 
Registered: Jul 2006
Posts: 4

Original Poster
Rep: Reputation: 0
Sorry, I meant to include them and forgot.

Cyber is my local network.

Policy
Code:
Cyber   all     ACCEPT
vpn1    all     ACCEPT
vpn2    all     ACCEPT
vpn3    all     ACCEPT
vpn4    all     ACCEPT
vpn5    all     ACCEPT
Net     all     DROP    info
fw      all     ACCEPT
all     all     DROP    info

I know the last policy is causing the problem, because everything works if I change it to ACCEPT. I can't leave it like that because then all the attacks start coming in. I can't, for the life of me, figure out what policy I should write to make it work. I've tried every combination I can think of, including Cyber<->Cyber.


Rules
Code:
SECTION NEW

SSH/ACCEPT:info         all     $FW
SMTP/ACCEPT:info        Net     $FW
Web/ACCEPT:info         all     $FW
IMAP/ACCEPT:info        all     $FW
ACCEPT:info             Net     $FW                     tcp     xxxx,xxxx,xxxx,xxxx
DNAT:info               Net     Cyber:172.16.x.x:xxxx   tcp     xxxx
DNAT:info               Net     Cyber:172.16.x.x:xxxx   tcp     xxxx
ACCEPT:info             Net     $FW                     tcp     xxxx
ACCEPT:info             Net     $FW                     tcp     xxxxx

Last edited by chris.zeman; 07-21-2006 at 10:04 PM.
 
09-19-2007, 01:53 PM   #4
neal860
LQ Newbie
 
Registered: Sep 2007
Posts: 1

Rep: Reputation: 0
Shorewall Interfaces

You need to add the following to the /etc/shorewall/interfaces file:

#ZONE INTERFACE BROADCAST OPTIONS
loc eth0 detect routeback

where eth0 is the interface with your static route.

Hope this helps
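
Added example, not part of the thread or of Shorewall itself: a Python check that applies the `routeback` hint from the last answer to the log line in the first post, flagging interfaces where forwarded traffic enters and leaves on the same NIC and is blocked. The interfaces file contents, the zone-to-interface mapping (Net on eth0, Cyber on eth2) and the second log line are constructed assumptions.

```python
import re

# Constructed sample: the thread's log line plus one ordinary inbound drop.
SAMPLE_LOG = """\
Jul 20 01:21:56 automation kernel: Shorewall:FORWARD:REJECT:IN=eth2 OUT=eth2 SRC=172.16.x.x DST=10.xxx.x.xx LEN=106 TOS=0x00 PREC=0x00 TTL=127 ID=41313 PROTO=UDP SPT=1066 DPT=161 LEN=86
Jul 20 01:22:10 automation kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=192.0.2.7 DST=10.1.10.250 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1 PROTO=TCP SPT=40000 DPT=23 LEN=40
"""

# Assumed /etc/shorewall/interfaces (mapping inferred from the first post).
INTERFACES = """\
#ZONE   INTERFACE   BROADCAST   OPTIONS
Net     eth0        detect
Cyber   eth2        detect
"""

LOG_RE = re.compile(
    r"Shorewall:(?P<chain>[^:]+):(?P<disp>[^:]+):"
    r"IN=(?P<inif>\S*) OUT=(?P<outif>\S*)")


def interface_options(text):
    """Map interface name -> set of options from an interfaces file."""
    opts = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments
        if len(fields) >= 2:
            opts[fields[1]] = set(fields[3].split(",")) if len(fields) > 3 else set()
    return opts


def hairpin_rejects(log_text, interfaces_text):
    """Interfaces with blocked IN==OUT traffic and no routeback option."""
    opts = interface_options(interfaces_text)
    flagged = []
    for m in LOG_RE.finditer(log_text):
        same_nic = bool(m["inif"]) and m["inif"] == m["outif"]
        blocked = m["disp"] in ("REJECT", "DROP")
        missing = "routeback" not in opts.get(m["inif"], set())
        if same_nic and blocked and missing and m["inif"] not in flagged:
            flagged.append(m["inif"])
    return flagged


if __name__ == "__main__":
    print(hairpin_rejects(SAMPLE_LOG, INTERFACES))
    fixed = INTERFACES.replace("eth2        detect", "eth2        detect  routeback")
    print(hairpin_rejects(SAMPLE_LOG, fixed))
```

Setting `routeback` only on the flagged LAN-facing interface leaves the `all all DROP` policy in force for every other path.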
 
  

