On Wed, 2007-02-07 at 12:34 -0800, Tom Eastep wrote: > > The thing is, routing protocols have been around for a long time and > together with routing daemons, provide a means for modifying your routing > dynamically.
Right. I guess, just as shorewall provides a nice front-end for
iptables, I just wonder if there is room to encapsulate the
configuration for this routing within shorewall too.
> If you want a less expensive option, you could also use a OpenVPN features
> like --route-up to add the route to your provider-specific table when the a
> connection is made.
Yeah, that is one of the options I am mulling over. :-)
> That piece of advice goes on to say:
>
> If you don't heed this advice then be prepared to read FAQ 57 and
> FAQ 58
Right. 58 is just a solution. 57 seems to indicate the kind of problem
one could run into:
If you don't do that so that your main routing table only has
one default route, then you must disable route filtering. Do not
specify the routefilter option on the other interface(s)
in /etc/shorewall/interfaces and disable any IP Address Spoofing
protection that your distribution supplies.
I guess the situation that having routefiltering and/or IP Address
Spoofing protection enabled and causing problems is escaping me. The
only situation I can think of is where a locally generated packet gets
it's source IP assigned the non-default interface address, but there are
already masq'ing rules in place to fix that up.
> Have you done that?
I had and have been using the 58 method.
b.
--
My other computer is your Microsoft Windows server.
Brian J. Murrell
signature.asc
Description: This is a digitally signed message part
------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier. Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
