Hi all,
I have a firewall with 4 ethernet interfaces:
eth0 and eth1 are two different ISP providers, eth2 is my local net and
eth3 is my DMZ. The interfaces eth4 and eth5 are not used yet.
The firewall is Debian Linux "etch" with Shorewall 4.0.11.
I have a simple configuration as described in the Shorewall
Multi-ISP documentation.
I also have a small traffic shaping configuration to drive ssh packets
in and out of a specific ISP interface.
Now I'd like to install an OpenVPN server because of a few Roadwarrior
users and I want to install it on the firewall.
I think I'm having a routing problem with this. VPN packets reach the
Roadwarrior user from both the ISP interfaces, not always the same one,
causing packets to be rejected. I don't know if I also have to tag VPN
packets or what else to do to make them go through the same interface all
the time; any suggestion is appreciated :)
Here are my configuration files.

providers:
#NAME   NUMBER  MARK    DUPLICATE       INTERFACE       GATEWAY         OPTIONS         COPY
EU256   1       1       main    eth1                    62.94.175.33    track,balance   eth2,eth3,eth4,eth5
EU512   2       2       main    eth0                    83.211.196.65   track,balance   eth2,eth3,eth4,eth5

tcrules:
#MARK   SOURCE          DEST            PROTO   DEST    SOURCE  USER    TEST    LENGTH  TOS
#                                               PORT(S) PORT(S)
1:P     eth2            0.0.0.0/0       all     -
1:P     eth3            0.0.0.0/0       all     -
#
3:F     eth1            192.168.2.203/24        tcp     22
# FTP per SMS
2:P     eth3:192.168.2.203      0.0.0.0/0       tcp     20,21

tcdevices:
#INTERFACE      IN-BANDWITH     OUT-BANDWIDTH
eth1            2000kbit        2000kbit
eth0            2000kbit        2000kbit
eth3            1000mbit        1000mbit

tcclasses:
#INTERFACE      MARK    RATE    CEIL    PRIORITY        OPTIONS
#
eth3            1       500kbit full    1       default
eth3            3       500kbit 1500kbit        2
# Ftp per SMS
eth0            2       200kbit 1500kbit        1       default
#
eth1            4       500kbit 1500kbit        1       default

Thanks for any help!
Daniele



_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
