[Firehol-support] Firehol router command when inface and outface the same
Whit Blauvelt
whit at transpect.com
Wed Jun 17 17:27:23 BST 2015
Hi,
I have a somewhat strange LAN layout, where the main LAN has more than one
external firewall. In this case an OpenVPN server is on one firewall (not
firehol), while a different firewall (firehol) is among other things the
default NAT gateway for several other VLANs on a VMware server sitting on
the LAN.
When traffic comes in via OpenVPN destined for VMs on those VMware VLANs,
the default route back hits the firehol firewall, which has a route to send
the traffic onward to the OpenVPN server. In non-firehol iptables setups
this would work. In this case though, even with
    interface4 eth0 LAN
        # traffic to and from this host itself on eth0, both directions
        client all accept
        server all accept
and
    router4 lan2vpn inface eth0 outface eth0
        # forwarded traffic entering and leaving on eth0; "server" here
        # accepts flows initiated from the inface side towards outface
        server all accept
traffic coming from the VMware VLANs gets blocked by the firehol rules.
    Jun 17 12:24:42 systemname kernel: [29194586.424759] PASS-unknown:IN=eth0 OUT=eth0 MAC=00:19:b9:f9:9e:de:00:00:5e:00:01:c0:08:00 SRC=192.168.1.254 DST=10.50.30.174 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=23980 PROTO=ICMP TYPE=0 CODE=0 ID=23798 SEQ=18
Is this something firehol can't handle that I should code for by hand, if I
want to solve it here?
Whit
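Added example (not part of the post above, and not FireHOL code): a small parser for the netfilter LOG line format quoted in the message, with a few checks that point at why such a packet matches no accept rule. It flags the "-unknown" FireHOL catch-all prefix, a forward whose IN and OUT interface are the same, and a packet that conntrack cannot treat as the start of a NEW flow: an ICMP reply type such as the TYPE=0 echo reply in the post, or, going one step beyond the post's case, a TCP segment carrying ACK without SYN. The sample log lines are constructed (the first re-joins the line from the post, the second is an invented TCP variant); the function names and heuristics are this example's own.

```python
"""Parse FireHOL/netfilter kernel LOG lines and flag why a forwarded packet
would not match a stateful accept rule.  Added example, not FireHOL code."""
import re
from typing import Dict, List, Tuple

# Constructed sample 1: the single log line quoted in the post, re-joined.
SAMPLE_LINE = (
    "Jun 17 12:24:42 systemname kernel: [29194586.424759] PASS-unknown:IN=eth0 "
    "OUT=eth0 MAC=00:19:b9:f9:9e:de:00:00:5e:00:01:c0:08:00 SRC=192.168.1.254 "
    "DST=10.50.30.174 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=23980 PROTO=ICMP TYPE=0 "
    "CODE=0 ID=23798 SEQ=18"
)
# Constructed sample 2 (hypothetical): a mid-stream TCP segment on the same path.
SAMPLE_TCP_LINE = (
    "Jun 17 12:25:01 systemname kernel: [29194605.100000] PASS-unknown:IN=eth0 "
    "OUT=eth0 MAC=00:19:b9:f9:9e:de:00:00:5e:00:01:c0:08:00 SRC=192.168.1.254 "
    "DST=10.50.30.174 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=100 DF PROTO=TCP "
    "SPT=22 DPT=51022 WINDOW=501 RES=0x00 ACK URGP=0"
)

# Syslog/kernel framing: timestamp, host, "kernel:", "[uptime]", then the
# iptables LOG prefix (FireHOL uses "<chain>-unknown:") and the packet fields.
_FRAME = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+(?P<host>\S+)\s+kernel:\s+"
    r"\[\s*[\d.]+\]\s*(?P<prefix>[^:]*):\s*(?P<body>.*)$"
)

# ICMP types for which netfilter's ICMP conntrack never creates a NEW entry
# (echo, timestamp, info and address-mask replies); with no matching request
# in the table such a packet is classified INVALID.
ICMP_REPLY_ONLY_TYPES = {0, 14, 16, 18}


def parse_netfilter_log(line: str) -> Dict[str, object]:
    """Split a LOG line into frame fields, key=value pairs and bare flags.

    key=value pairs are kept as an ordered list because ID= occurs twice in
    ICMP lines (IP header ID and ICMP echo identifier); "fields" keeps the
    first occurrence.  Bare tokens (DF, SYN, ACK, ...) go to "flags".
    """
    m = _FRAME.match(line.strip())
    if not m:
        raise ValueError("not a netfilter LOG line: %r" % line[:60])
    pairs: List[Tuple[str, str]] = []
    flags: List[str] = []
    for tok in m.group("body").split():
        if "=" in tok:
            k, v = tok.split("=", 1)
            pairs.append((k, v))
        else:
            flags.append(tok)
    fields: Dict[str, str] = {}
    for k, v in pairs:
        fields.setdefault(k, v)
    return {"timestamp": m.group("ts"), "host": m.group("host"),
            "prefix": m.group("prefix"), "pairs": pairs,
            "fields": fields, "flags": flags}


def classify(entry: Dict[str, object]) -> List[str]:
    """Heuristic findings explaining why the packet reached the catch-all."""
    f: Dict[str, str] = entry["fields"]          # type: ignore[assignment]
    flags: List[str] = entry["flags"]            # type: ignore[assignment]
    findings: List[str] = []
    if str(entry["prefix"]).endswith("-unknown"):
        findings.append("fell through to FireHOL's catch-all log-and-drop chain")
    if f.get("IN") and f.get("IN") == f.get("OUT"):
        findings.append("forwarded back out the interface it arrived on (IN == OUT)")
    if f.get("PROTO") == "ICMP":
        try:
            itype = int(f.get("TYPE", "-1"))
        except ValueError:
            itype = -1
        if itype in ICMP_REPLY_ONLY_TYPES:
            findings.append("ICMP type %d is a reply; conntrack cannot open a NEW flow "
                            "from it, so a reply whose request took another path is "
                            "INVALID" % itype)
    elif f.get("PROTO") == "TCP" and "ACK" in flags and "SYN" not in flags:
        findings.append("TCP segment with ACK but no SYN: not a connection start, so "
                        "a flow whose handshake took another path has no conntrack entry")
    return findings


if __name__ == "__main__":
    for line in (SAMPLE_LINE, SAMPLE_TCP_LINE):
        e = parse_netfilter_log(line)
        fl = e["fields"]
        print("%s %s -> %s %s" % (e["prefix"], fl["SRC"], fl["DST"], fl["PROTO"]))
        for s in classify(e):
            print("  -", s)
```

Run it against a real syslog by feeding each `kernel:` line to `parse_netfilter_log`; a steady stream of findings with both "IN == OUT" and "reply"/"no SYN" on the same source and destination pair is the signature of a return path that the firewall sees without having seen the forward path.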