shorewall-users January 2012 archive

Re: [Shorewall-users] Shorewall-users Digest, Vol 68, Issue 10

From: Tom Eastep <teastep_at_nospam>
Date: Mon Jan 16 2012 - 01:39:11 GMT
To: Shorewall Users <>

On Jan 15, 2012, at 12:37 PM, Erik Mundall wrote:

> ... "The successor to 'norfc1918' is NULL_ROUTE_RFC1918=Yes in shorewall.conf."
> I have tried that, and the only pings I get back are from the subnet. I get the following response after trying to ping a known printer on my network that would otherwise have been accessible:
> ping
> connect: Network is unreachable is reached using the default gateway. So unless you use your distribution's IP configuration tools to create a specific route to that host via the default gateway, then NULL_ROUTE_RFC1918=Yes will drop packets to/from that host.

Erik, you can't have it both ways. You know that is an RFC 1918 host that is of interest to you, but nothing in the configuration reflects that knowledge (or you can add an entry to /etc/shorewall/routes). On the other hand, there is a route to, so that network is exempted from being excluded by NULL_ROUTE_RFC1918=Yes.


Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car \________________________________________________
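
The behaviour described in this message, as an added example that is not part of the original post and is not Shorewall code: a longest-prefix-match model of a routing table with and without the RFC 1918 null routes. The addresses, the interface name, and the modelling of the null routes as `unreachable` entries are assumptions constructed for illustration.

```python
import ipaddress

# RFC 1918 ranges that NULL_ROUTE_RFC1918=Yes null-routes. They are modelled
# here as "unreachable" entries (assumption), matching the ping error quoted above.
RFC1918 = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]

# Constructed sample table: one directly connected subnet plus a default route.
ROUTES = [("192.168.1.0/24", "dev eth0"), ("default", "via 192.168.1.1")]
PRINTER = "10.20.30.40"  # constructed RFC 1918 host reached only via the default gateway


def build_table(routes, null_route_rfc1918):
    """Return {network: next_hop} for a list of (prefix, next_hop) pairs."""
    table = {}
    for prefix, hop in routes:
        net = ipaddress.ip_network("0.0.0.0/0" if prefix == "default" else prefix)
        table[net] = hop
    if null_route_rfc1918:
        for prefix in RFC1918:
            # Simplification in this model: a route that already exists for
            # exactly this prefix is kept.
            table.setdefault(ipaddress.ip_network(prefix), "unreachable")
    return table


def lookup(table, dest):
    """Longest-prefix match: the most specific matching route wins."""
    addr = ipaddress.ip_address(dest)
    matches = [net for net in table if addr in net]
    if not matches:
        return "unreachable"
    return table[max(matches, key=lambda net: net.prefixlen)]


if __name__ == "__main__":
    plain = build_table(ROUTES, null_route_rfc1918=False)
    nulled = build_table(ROUTES, null_route_rfc1918=True)
    # A specific host route is more specific than 10.0.0.0/8, so it wins.
    fixed = build_table(ROUTES + [(PRINTER + "/32", "via 192.168.1.1")], True)
    for name, table in (("No", plain), ("Yes", nulled), ("Yes + host route", fixed)):
        print(f"NULL_ROUTE_RFC1918={name}")
        for dest in ("192.168.1.50", PRINTER, "203.0.113.10"):
            print(f"  {dest:<14} -> {lookup(table, dest)}")
```

The connected /24 stays reachable because it is more specific than 192.168.0.0/16, while the printer falls through to the 10.0.0.0/8 null route until a route of its own exists.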
