On Tue, 2007-09-11 at 15:23 +0100, John Lewis wrote: > I think you have hit the nail on the head there. As I just posted if I > make the Openvpn interface the default route it works. > > So how do I get the desired effect?
You either have to SNAT the forwarded traffic (disgusting hack which makes all forwarded traffic appear to the server as if it originated on the Shorewall box), or you need to use policy routing on the remote system. In the latter case, it is helpful to have the server listening on a unique address (possibly configured on the 'lo' device) so that you can direct all traffic from that address to a routing table whose default route goes back through the VPN. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: This is a digitally signed message part
------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
