I have a Linux firewall problem. We're trying to connect two subnets together, both of which are local to each other. For historical reasons they were never previously directly connected. Circumstances have changed, and we now want to route between them. Each subnet has its own firewall (as the default gateway) and each has VPN connections to other sites. We want full routing between all these subnets. We have a Cisco router with two local Ethernet interfaces set up with an appropriate routing table.

We have everything going properly except one piece: a Linux LEAF Bering firewall. Our Linux person can't seem to find where to add the permissions needed to allow the firewall to allow routing across the Cisco router between these "trusted" subnets.

From any computer on the working side, we can ping the Linux firewall itself through the Cisco; from the Linux firewall, we can ping any computer through the Cisco router. So I think the routing tables are fine.

However, we can't ping anything else on the Linux firewall side through the Cisco, or from a workstation on the Linux firewall side through the Cisco. In both cases, the firewall kills them, logging "shorewall forward: rejected". We can't seem to find where to add the subnets to a "trusted" list.

This is what my Linux person is reporting we're running on the firewall:

Linux firewall 2.4.2
Bering Leaf Firewall v1.2
shorewall 1.4.2
iptables 1.2.8
ipsec 1.99.6.2 (Super Freeswan IPSEC)

Can anyone steer us in the right direction? I've not directly worked with that firewall before (though I've helped puzzle things out before), and have no idea where to start.

Thanks,

-jk
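An added, constructed illustration (not from the original post or the Shorewall project) of where a "trusted" subnet is declared in Shorewall 1.4-style configuration. It assumes eth0 is the firewall's outside interface, eth1 is the inside interface, 192.168.10.0/24 is the local subnet, 192.168.20.0/24 is the subnet behind the Cisco, and that the kernel already has a route to it via the Cisco (all addresses and interface names are assumptions):

```text
# /etc/shorewall/zones   (ZONE  DISPLAY  COMMENTS)
net     Net     Internet
loc     Local   Local LAN (assumed 192.168.10.0/24)
rmt     Remote  Subnet reached via the Cisco router (assumed 192.168.20.0/24)

# /etc/shorewall/interfaces   (ZONE  INTERFACE  BROADCAST  OPTIONS)
# "-" in the ZONE column means the zones on eth1 are defined in the hosts
# file below. "routeback" lets a packet that arrived on eth1 leave via eth1
# again (workstation -> firewall -> Cisco, all on the same wire); without it
# that traffic is rejected even when the policy allows the zone pair.
net     eth0    detect
-       eth1    detect      routeback

# /etc/shorewall/hosts   (ZONE  HOST(S)  OPTIONS)
# This is the "trusted list": only the addresses listed here belong to
# each zone, so the remote subnet is explicitly named.
loc     eth1:192.168.10.0/24
rmt     eth1:192.168.20.0/24

# /etc/shorewall/policy   (SOURCE  DEST  POLICY  LOG LEVEL)
# The two ACCEPT lines must come before the catch-all "all all REJECT",
# which is the policy that normally produces forward-reject log entries.
loc     rmt     ACCEPT
rmt     loc     ACCEPT
loc     net     ACCEPT
net     all     DROP        info
all     all     REJECT      info
```

After editing, `shorewall restart` loads the new configuration; the source and destination addresses in the next logged reject, if any, show which zone pair is still falling through to the catch-all policy.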