On 2023-01-19 13:11, Shorewall via Shorewall-users wrote:
On 2023-01-19 11:31, Justin Pryzby wrote:
On Thu, Jan 19, 2023 at 08:28:00AM -0700, Shorewall via Shorewall-users wrote:
On 2023-01-18 23:52, Simon Matter wrote:
> Hi,
>
> > I am trying to route traffic from LOC to a network I have configured in
> > the routes file.
>
Everything in LOC has the firewall running shorewall configured as the Default Gateway. Also, as mentioned in the original post with the entry in the routes file routing works as expected from the firewall. Also mentioned in the original post, is when everything is allowed in shorewall via the entry in the policy file, everything routes as expected from the LOC network. To me this says that "routing" works but the firewall is blocking. I may be wrong, but that is the assumption I am making since I have actually made a connection from LOC to the network exposed in kubernetes network. I am assuming I need a RULE to allow the traffic to pass, but since the kubernetes network is not a ZONE, I am not really sure how that would look.
Find where your kernel logfile is (/v/l/messages?) and see what it says when the packets are being rejected. It ought to indicate the source and dest zones. Add the necessary things to ./rules.
If you're trying to connect loc=>loc, then you need "routeback"
Shorewall:FORWARD:REJECT: IN=enp1s5 OUT=enp1s5
Above is the shorewall log for blocking the connection. Of course I have truncated the actual MAC/IP/PORTS etc...
Do I need some type of forwarding rule?
As suggested earlier, by adding routeback=1 in the shorewall interfaces file for the interface that is the LOC zone, allowed the traffic. Now the connection is working.
Is there anything negative to be concerned with when adding this option?
Thank You.
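
An added example, not part of the original thread: a small log check that finds the condition diagnosed above, Shorewall rejecting forwarded packets whose IN and OUT interface are the same (the case `routeback` addresses), and lists the source/destination pairs involved. The sample log lines, addresses, the second interface `enp1s4` and the function name `hairpin_rejects` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample kernel log lines (hosts, MACs, addresses and ports are made up).
SAMPLE_LOG = """\
Jan 19 10:02:11 fw kernel: Shorewall:FORWARD:REJECT: IN=enp1s5 OUT=enp1s5 MAC=aa:bb SRC=192.168.1.20 DST=10.96.0.15 PROTO=TCP SPT=40122 DPT=443
Jan 19 10:02:14 fw kernel: Shorewall:FORWARD:REJECT: IN=enp1s5 OUT=enp1s5 MAC=aa:bb SRC=192.168.1.31 DST=10.96.0.15 PROTO=TCP SPT=51877 DPT=443
Jan 19 10:03:02 fw kernel: Shorewall:INPUT:DROP: IN=enp1s4 OUT= MAC=cc:dd SRC=203.0.113.9 DST=198.51.100.2 PROTO=TCP SPT=4431 DPT=22
Jan 19 10:03:40 fw kernel: Shorewall:FORWARD:REJECT: IN=enp1s5 OUT=enp1s4 MAC=aa:bb SRC=192.168.1.20 DST=203.0.113.50 PROTO=UDP SPT=5353 DPT=53
Jan 19 10:04:00 fw sshd[812]: Accepted publickey for admin from 192.168.1.20
"""

LOG_RE = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<disp>[^:\s]+):\s*(?P<fields>.*)")
FIELD_RE = re.compile(r"(\w+)=(\S*)")

def hairpin_rejects(log_text):
    """Map interface -> sorted (SRC, DST) pairs blocked with IN == OUT."""
    flows = defaultdict(set)
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m or m.group("disp") not in ("REJECT", "DROP"):
            continue
        f = {}
        for key, value in FIELD_RE.findall(m.group("fields")):
            f.setdefault(key, value)  # keep first occurrence of repeated keys
        iface = f.get("IN", "")
        # An empty IN or OUT means the packet was not forwarded between interfaces.
        if iface and iface == f.get("OUT", ""):
            flows[iface].add((f.get("SRC", "?"), f.get("DST", "?")))
    return {iface: sorted(pairs) for iface, pairs in flows.items()}

if __name__ == "__main__":
    for iface, pairs in hairpin_rejects(SAMPLE_LOG).items():
        print(f"{iface}: blocked traffic entering and leaving the same interface")
        for src, dst in pairs:
            print(f"  {src} -> {dst}")
```

Reviewing the listed pairs before and after enabling `routeback` shows exactly which same-interface flows the option affects.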