shorewall prevents routing from protected zone entities to other protected zone entities

view full story

http://serverfault.com – I'm using shorewall as the firewall and gateway for a production site. The site also has a couple of VPNs running into it that are hosted on a different server on the same site (in the protected zone). My setup for the servers on the site (in the protected zone) is to have the shorewall gateway as their default gateway and when they need to access resources on the other side of a VPN tunnel then the gateway will route the traffic to the local VPN endpoint (after subjecting it to firewall rules, of course) - so the traffic basically goes in through to the protected zone interface and gets rou (HowTos)