I think what you need to do is to add a static route, not in Shorewall, but in the Linux networking. You can do this either via the Administration-Network GUI, if you are running a windowed environment, or via the "route" command if you are in a terminal window (need root password, either way).
The reason for this is that the router running Shorewall has to know that, to get to subnet "a" (the new subnet), it has to pass traffic *through* subnet "b" (the old subnet), and that's a routing function, not a firewall function.
HTH
JB