[EMAIL PROTECTED] schrieb:
Hi,
We have a shorewall firewall running on SUSE 10. We have three nic's, Lan, DMZ and Internet. We also have a Cisco Pix 506e. We moved from sending all our traffic through the pix to using the Suse box yesterday. The PIX is in the DMZ, with a connection to the LAN switch, the idea being that VPN users can connect to the pix to the lan.
The Pix is on the 10.0.1.x subnet, the lan is 192.168.1.x
On the LAN the pix is 192.168.1.4, the gateway server is 192.168.1.1
VPN users get a 192.168.2.x ip address when they connect
VPN users, coming in from the internet are able to connect to the pix. But they cannot get to any address on our LAN. A support call with Cisco resulted in a recommendation that we either go to every machine on our LAN and add a static "route 192.168.2.1 mask 255.255.255.0 192.168.2.4 metric 1" or simply add it to our gateway machine.
We've tried to add it to our gateway machine and have been unsucessfull in doing anything other than allowing vpn users to see the gateway machine on the LAN. Perhaps we are using the wrong syntax in adding a static route?
What is the correct command, and syntax, and once it is working, what is the method to make it persistant across reboots? On a PC there is a command line switch in the route command to add persistance across reboots.
Thanks,
Joel
Hi Joel,
if you are not so familiar with adding routes to your SuSE box, I
suggest you use YAST
to do this kind of task. Just enter "yast" on any command line, go to
"Network Services"
(I have to guess here, because I am using the german version, but I
think you will get it)
then select "Forwarding". You will see a dialogue, where you should
select "Expert Conf.",
then you will be able to add static (=permanent) routes.
HTH, regards from Germany,
--
Mit freundlichen Grüßen,
Philipp Rusch
-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users