Multiple Internal Networks not Routing
Hi, hoping someone can point out my mistake here! I have SuSE 9.0 running with 3 NICs (eth0 = internet, eth1 = 192.168.0.0/16, and eth2 = 10.62.56.0/24). Everything with the internet is working great. The problem is routing traffic between eth1 and eth2. I've set both networks as trusted, set FW_FORWARD, and enabled FW_ALLOW_CLASS_ROUTING. Nothing has seemed to work. Posted below is also a copy of my /etc/sysconfig/SuSEfirewall2. I'd like to allow all traffic between these 2 networks. Any ideas?

-------------------------------------------------------------------
FW_QUICKMODE="no"
FW_DEV_EXT="eth0"
FW_DEV_INT="eth1 eth2"
FW_DEV_DMZ=""
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_DEV="$FW_DEV_EXT"
FW_MASQ_NETS="192.168.65.224/27 10.62.56.0/24 192.168.0.0/16,<mail server ip>/32 10.62.56.0/24,<mail server ip>/32"
FW_PROTECT_FROM_INTERNAL="no"
FW_AUTOPROTECT_SERVICES="yes"
FW_SERVICES_EXT_TCP="http https ssh"
FW_SERVICES_EXT_IP=""
FW_SERVICES_DMZ_TCP=""
FW_SERVICES_DMZ_IP=""
FW_SERVICES_INT_TCP=""
FW_SERVICES_INT_UDP=""
FW_SERVICES_INT_IP=""
FW_SERVICES_QUICK_TCP=""
FW_SERVICES_QUICK_UDP=""
FW_SERVICES_QUICK_IP=""
FW_TRUSTED_NETS="192.168.0.0/16 10.62.56.0/24"
FW_ALLOW_INCOMING_HIGHPORTS_TCP="no"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="DNS"
FW_SERVICE_AUTODETECT="yes"
FW_SERVICE_DNS="yes"
FW_SERVICE_DHCLIENT="no"
FW_SERVICE_DHCPD="yes"
FW_SERVICE_SQUID="yes"
FW_SERVICE_SAMBA="no"
FW_FORWARD="192.168.0.0/16,10.62.56.0/24,tcp,1:65535 10.62.56.0/24,192.168.0.0/16,tcp,1:65535 \
            192.168.0.0/16,10.62.56.0/24,udp,1:65535 10.62.56.0/24,192.168.0.0/16,udp,1:65535 \
            192.168.0.0/16,10.62.56.0/24,icmp 10.62.56.0/24,192.168.0.0/16,icmp"
FW_FORWARD_MASQ="0/0,192.168.65.227,tcp,5800 0/0,192.168.65.227,tcp,5900 \
                 0/0,192.168.65.227,tcp,5632 0/0,192.168.65.227,udp,5632"
FW_REDIRECT=""
FW_LOG_DROP_CRIT="yes"
FW_LOG_DROP_ALL="yes"        # Jason Dobbs
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="yes"      # Jason Dobbs
FW_LOG="--log-level warning --log-tcp-options --log-ip-option --log-prefix SuSE-FW"
FW_KERNEL_SECURITY="yes"
FW_STOP_KEEP_ROUTING_STATE="no"
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="no"
FW_ALLOW_PING_EXT="no"
FW_ALLOW_FW_TRACEROUTE="yes"
FW_ALLOW_FW_SOURCEQUENCH="yes"
FW_ALLOW_FW_BROADCAST="no"
FW_IGNORE_FW_BROADCAST="yes"
FW_ALLOW_CLASS_ROUTING="yes"
FW_CUSTOMRULES=""
FW_REJECT="no"
FW_HTB_TUNE_DEV=""
-----------------------------------------------------------------------------------

--
Thank You,
Jason Dobbs
IT Manager
Westin Casuarina Casino Las Vegas
Hi Jason, what is your routing table looking like? Post `route -nv` back here. Are you routing at all? (Set ip_forward=yes in YaST.) Other comments inline ...

Jason Dobbs wrote:
--SNIP ---
FW_MASQ_NETS="192.168.65.224/27 10.62.56.0/24 192.168.0.0/16,<mail server ip>/32 10.62.56.0/24,<mail server ip>/32"
(^ this ... and this ^) is redundant: 192.168.65.224/27 is completely contained in the 192.168.0.0/16 network, which means all 192.168."something" nets ... You know that normally a 192.168.x.y net is a /24-type network and a 10.x.y.z has a /16-type mask??

--SNIP--
FW_FORWARD="192.168.0.0/16,10.62.56.0/24,tcp,1:65535 10.62.56.0/24,192.168.0.0/16,tcp,1:65535 \
            192.168.0.0/16,10.62.56.0/24,udp,1:65535 10.62.56.0/24,192.168.0.0/16,udp,1:65535 \
            192.168.0.0/16,10.62.56.0/24,icmp 10.62.56.0/24,192.168.0.0/16,icmp"
FW_FORWARD_MASQ="0/0,192.168.65.227,tcp,5800 0/0,192.168.65.227,tcp,5900 \
                 0/0,192.168.65.227,tcp,5632 0/0,192.168.65.227,udp,5632"
What are you trying to do here? If routing just doesn't work, then forwarding doesn't help that much ... I think something different is causing your troubles than missing entries here; it seems you did too much work, it is normally quite simple, what you try to do :-)

Regards from Germany,
Philipp
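As an added example (not code from either poster), a small Python check for two things the reply touches on: FW_MASQ_NETS source networks nested inside one another, and FW_FORWARD network pairs that are only listed in one direction. The sample values are constructed from the config quoted in the thread; 203.0.113.25 is an assumed stand-in for the redacted "<mail server ip>".

```python
import ipaddress

# Constructed sample values, copied from the SuSEfirewall2 snippet in the thread.
# 203.0.113.25 (documentation range) stands in for the redacted "<mail server ip>".
FW_MASQ_NETS = ("192.168.65.224/27 10.62.56.0/24 "
                "192.168.0.0/16,203.0.113.25/32 10.62.56.0/24,203.0.113.25/32")
FW_FORWARD = ("192.168.0.0/16,10.62.56.0/24,tcp,1:65535 10.62.56.0/24,192.168.0.0/16,tcp,1:65535 "
              "192.168.0.0/16,10.62.56.0/24,udp,1:65535 10.62.56.0/24,192.168.0.0/16,udp,1:65535 "
              "192.168.0.0/16,10.62.56.0/24,icmp 10.62.56.0/24,192.168.0.0/16,icmp")


def _net(text):
    """Parse a SuSEfirewall2 network token into an ip_network ('0/0' means any)."""
    return ipaddress.ip_network("0.0.0.0/0" if text == "0/0" else text, strict=False)


def overlapping_masq_sources(value):
    """Return (smaller, larger) pairs where the source net of one FW_MASQ_NETS
    entry is a strict subnet of another entry's source net (e.g. a /27 in a /16).
    Such pairs deserve a second look: the smaller entry may be redundant."""
    sources = [_net(entry.split(",")[0]) for entry in value.split()]
    pairs = set()
    for small in sources:
        for large in sources:
            if small != large and small.subnet_of(large):
                pairs.add((str(small), str(large)))
    return sorted(pairs)


def missing_reverse_forward(value):
    """Each FW_FORWARD entry (src,dst,proto[,dport[,sport]]) permits connection
    initiation in one direction only. Return the (src,dst,proto) triples whose
    reverse direction (dst,src,proto) is not listed, so traffic between the two
    networks could only be opened from one side."""
    rules = set()
    for entry in value.split():
        fields = entry.split(",")
        if len(fields) < 3:
            raise ValueError(f"malformed FW_FORWARD entry: {entry!r}")
        rules.add((str(_net(fields[0])), str(_net(fields[1])), fields[2].lower()))
    return sorted(r for r in rules if (r[1], r[0], r[2]) not in rules)


if __name__ == "__main__":
    print("nested FW_MASQ_NETS sources:", overlapping_masq_sources(FW_MASQ_NETS))
    print("FW_FORWARD pairs without a reverse rule:", missing_reverse_forward(FW_FORWARD))
```

On the thread's values the forward rules are symmetric, so the second check comes back empty and only the /27-inside-/16 nesting is reported, which points the search elsewhere (routing table, ip_forward), as the reply suggests.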
participants (2): Jason Dobbs, Philipp Rusch