-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 03/15/2017 02:56 PM, Adam Cécile wrote: > Hello, > > > I'm trying to configure a single host from my lan to be routed to > internet through a VPN connected on my shorewall router. All other > hosts are routed to internet directly. > > Sadly, I can't get that working... > > > The router is configured as: > > wan: 192.168.178.254, gw 192.168.178.1 (ISP to internet); with > SNAT > > tun99: 10.100.0.6, gw 10.100.0.1 (OpenVPN, internet with SNAT on > server-side, working fine if static routing is done) > > brlan: 10.1.0.254 > > > What I'm trying to achieve is that any 10.1.0.0/24 reach internet > through "wan" except 10.1.0.9 which is using "tun99" instead. > > > I tried the following: > > > snat: > > SNAT(192.168.178.254) 10.1.0.0/24 wan > > > providers: > > ISP 1 1 - wan 192.168.178.1 track - > VPN 2 2 - tun99 10.100.0.1 track - > > > rtrules: > > 10.1.0.0/24 - ISP 1000 > > 10.1.0.9/32 - VPN 1001 > > > Can you help me figuring out what's wrong ? > >
Reverse the priorities of the rules. - -Tom - -- Tom Eastep \ Q: What do you get when you cross a mobster with Shoreline, \ an international standard? Washington, USA \ A: Someone who makes you an offer you can't http://shorewall.net \________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJYyb7UAAoJEJbms/JCOk0Qjm4P/iA3cYz4/bwdjp8qiYvHh5BZ drAWLlkDwUxA9ySoG/z6BQu5OU/Fmwn59/wGlpF3BFaO+S4pFb4QEtxXgD5JqSA0 UQRLLD3vsWoW0lW5D/O87c38hJ2xm/CN99xlQrIVWx1KlKB8SDx8pzG1uqI82gGT 2Eei1dK/15kc3qgX6SJRzDP1edZtd/geZ7qfChw4+o5DRZ/0nhV10dlu6m4OcxAG ol9qE8eIwwb5HiSp0wSTkyxFVbv0uFs13h11kWYqWqKHyp6rK+SxQkYO6OVBc1ly YZWMqC3VHPP7gssuBQx2hkFZ4Pfc/XJnTxXhQBPYHOF24jFnOn3HliWhbClzmT11 42r2moy4WvdM8TesmIqSytk8/CEIJT3VKv9WiTkYgocQQQuZLMBUR/mCuGw+4xae BuMRfjnBJlWVt8NvGcgD3+OYr029DgG1nBDlSNOTaygOUAxBbIjeCD4P4GGffCSc F6LWiNr5L5qvVxO6VGsMluGkewNwb/Uir8OnShVUtdBYdd5o1cQjfmDo/bdDyML7 GDFMgsccb9/kn+LtCEUpTb2oV1IAw/23xANgXdkQJlxvCJ57zMlv+vLDLAcb1bvr 65+RsSs4TkfqlkSc4fHSXIIEN38Rza6aoIYiqNLKFq79Y1jwUqXTfYVoGydyR8LY lmVXF4j0+vJLLPYoKH+L =Sr/7 -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
