Tom Eastep wrote:
John McMonagle wrote:
Finally have a Shorewall 4.0.5 system running with multiple ISPs and
IPsec VPNs.
Looking good so far :-)
Have a few questions.
I have the following in start:
ip rule delete prio 200 table 200
ip route del table 200
ip route add 192.168.0.0/16 via 192.168.2.254 dev eth0 table 200
ip rule add prio 200 table 200
.....................................
192.168.0.0/16 is the net of all the VPNs.
192.168.2.254 is the IP of the local network interface.
This allows outgoing traffic to the VPN from the firewall.
Is there a Shorewall way to do this?
Yes -- but why don't you simply put those in the eth0 stanza in
/etc/network/interfaces as a series of post-up and pre-down commands? They
have nothing to do with the firewall configuration.
And I don't see why it needs to be a separate routing table? Why not just
add the route to the main table?
Or better yet, why do you need it at all? I assume that your default route
is out of eth0.
-Tom
------------------------------------------------------------------------
The default routes are eth1 and eth2.
Without that rule, if the destination is via VPN, it will use an external IP.
Then return packets will fail because they will not go via VPN.
Yes, probably a bit overkill with the rule.
Just want to make sure it came before the default route.
John
_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
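
Added example, not part of the thread: a simplified Python model of the Linux policy-routing lookup discussed above, showing why firewall-originated traffic to the VPN networks leaves with an external source address unless a 192.168.0.0/16 route is found before the default route. Only 192.168.0.0/16, 192.168.2.254, eth0 and priority/table 200 come from the messages; the eth1 address, the table contents and the "source address = egress interface address" rule are assumptions made for illustration.

```python
import ipaddress

# Constructed sample state (assumed): one external interface, documentation address.
IFACE_ADDR = {"eth0": "192.168.2.254", "eth1": "198.51.100.10"}

MAIN = [("192.168.2.0/24", "eth0"), ("0.0.0.0/0", "eth1")]

# John's setup: a dedicated table 200 consulted at priority 200, before main.
TABLES_JOHN = {"200": [("192.168.0.0/16", "eth0")], "main": MAIN}
RULES_JOHN = [(200, "200"), (32766, "main")]

# No extra route at all: only the main table.
TABLES_PLAIN = {"main": MAIN}
# Tom's suggestion: put the /16 route directly into the main table.
TABLES_TOM = {"main": MAIN + [("192.168.0.0/16", "eth0")]}
RULES_MAIN_ONLY = [(32766, "main")]


def table_lookup(table, dst):
    """Longest-prefix match inside one table; None when nothing matches."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, dev in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best


def route(rules, tables, dst):
    """Walk rules in ascending priority; the first table with a match wins."""
    for prio, name in sorted(rules):
        hit = table_lookup(tables[name], dst)
        if hit:
            dev = hit[1]
            # Simplification: an unbound local socket takes the egress
            # interface's address as its source address.
            return {"rule": prio, "dev": dev, "src": IFACE_ADDR[dev]}
    return None


if __name__ == "__main__":
    vpn_host = "192.168.7.20"  # constructed address inside the VPN range
    for label, rules, tables in [
        ("no extra route", RULES_MAIN_ONLY, TABLES_PLAIN),
        ("table 200 at prio 200", RULES_JOHN, TABLES_JOHN),
        ("/16 in main table", RULES_MAIN_ONLY, TABLES_TOM),
    ]:
        print(label, "->", route(rules, tables, vpn_host))
```

In this model both variants give the same result for VPN destinations; whether the main-table variant is enough on a real multi-ISP system depends on where the provider rules sit relative to the main table, which `ip rule show` will tell you.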