This system (Dom0) has multiple interfaces:
eth0: external
br0: internal - subnet1 (private IP connects to DomU's)
eth3: internal
- subnet2 (private IP)
- subnet3 (public IP)

SuSEfirewall2 configuration
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_NETS= private IP subnets
FW_TRUSTED_NETS= all MY subnets
FW_FORWARD= configured appropriately including subnet2 <--> subnet3

Networking was working pretty much as expected except there was no
communication between subnet2 and subnet3. I assumed this was because
they are on the same interface and routing is -between- interfaces.

/etc/sysconfig/SuSEfirewall2 states:
> ## Type: string
> ## Default:
> #
> # 33.)
> # Bridge interfaces without IP address
> #
> # Traffic on bridge interfaces like the one used by xen appears to
> # enter and leave on the same interface. Add such interfaces here in
> # order to install special permitting rules for them.
> #
> # Format: list of interface names separated by space
> #
> # Note: this option is deprecated, use FW_FORWARD_ALLOW_BRIDGING
> # instead
> #
> # Example:
> # FW_FORWARD_ALWAYS_INOUT_DEV="xenbr0"
> #
> FW_FORWARD_ALWAYS_INOUT_DEV=""


Since FW_FORWARD_ALLOW_BRIDGING was already set to "yes", I resolved
this routing issue by setting FW_FORWARD_ALWAYS_INOUT_DEV="eth3". But
eth3 is not really a bridge and this option is deprecated. Is there
another way to make this work, other than by assigning each subnet to
its own interface, or is this configured correctly?


--
Kevin Boyle
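The workaround above permits traffic that enters and leaves on eth3, which is wider than a FW_FORWARD entry limited to subnet2 <--> subnet3. Added example, not from this thread or from SuSEfirewall2: it reads an `iptables-save` dump, lists the FORWARD accepts that hairpin on one interface, and flags any that are not restricted by source and destination. The sample rules and the subnets 10.0.2.0/24 (subnet2) and 203.0.113.0/24 (subnet3) are constructed, and the shape of the blanket rule is an assumption about what the in/out option installs.

```python
import ipaddress
import shlex

# Constructed iptables-save excerpt (not captured from the poster's Dom0).
# Line 1 is the assumed blanket rule an "always in/out device" option installs;
# line 2 is a forward rule scoped to the subnet2 -> subnet3 pair.
SAMPLE_RULES = """\
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth3 -o eth3 -j ACCEPT
-A FORWARD -s 10.0.2.0/24 -d 203.0.113.0/24 -i eth3 -o eth3 -j ACCEPT
-A FORWARD -i br0 -o eth0 -j ACCEPT
COMMIT
"""

ANY = ipaddress.ip_network("0.0.0.0/0")


def parse_forward_accepts(rules_text):
    """Return (in_if, out_if, src_net, dst_net) for each ACCEPT appended to FORWARD.

    Simplification: negated matches ("! -s ...") and extension modules are not handled.
    """
    rules = []
    for line in rules_text.splitlines():
        if not line.startswith("-A FORWARD "):
            continue
        argv = shlex.split(line)
        # argv[0] is "-A", argv[1] the chain; the rest are option/value pairs.
        opts = {argv[i]: argv[i + 1] for i in range(2, len(argv) - 1, 2)}
        if opts.get("-j") != "ACCEPT":
            continue
        rules.append((opts.get("-i", "*"), opts.get("-o", "*"),
                      ipaddress.ip_network(opts.get("-s", "0.0.0.0/0")),
                      ipaddress.ip_network(opts.get("-d", "0.0.0.0/0"))))
    return rules


def hairpin_rules(rules, ifname):
    """Accepts where traffic enters and leaves on the same interface."""
    return [r for r in rules if r[0] == ifname and r[1] == ifname]


def blanket_hairpins(rules, ifname):
    """Hairpin accepts with no source or destination restriction: every host
    reachable via ifname may be forwarded to every other, not just one subnet pair."""
    return [r for r in hairpin_rules(rules, ifname) if r[2] == ANY and r[3] == ANY]


def pair_allowed(rules, ifname, src, dst):
    """True if some hairpin accept on ifname covers src -> dst."""
    s, d = ipaddress.ip_network(src), ipaddress.ip_network(dst)
    return any(s.subnet_of(r[2]) and d.subnet_of(r[3])
               for r in hairpin_rules(rules, ifname))
```

Running `blanket_hairpins` over a live `iptables-save` dump shows whether the hairpin accept is scoped to the intended subnet pair or open to everything on that interface.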