PETER EASTHOPE wrote: > Folk, > > My network is described and illustrated here. > http://carnot.yi.org/NetworksPage.html > > To allow Cantor and Dalton, in the vpn zone connected to > Joule through tun0, to SMTP to my ISP, I tried this in > /etc/shorewall/masq. > #INTERFACE SOURCE ADDRESS PROTO PORT(S) IPSEC > MARK > eth0 tun0 > > Shorewall complains. > 07:21:58 Setting up Masquerading/SNAT... > 07:21:58 To 0.0.0.0/0 (all) from 172.23.4.0/24 through eth0 > 07:21:58 To 0.0.0.0/0 (all) from 172.23.5.0/24 through eth0 > ERROR: Unable to determine the routes through interface "tun0" > > As I understand, the routes specified in /etc/openvpn/myvpn > do not exist when shorewall starts. What is the conventional > solution?
Specify the SOURCE by IP address rather than by interface. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are powering Web 2.0 with engaging, cross-platform capabilities. Quickly and easily build your RIAs with Flex Builder, the Eclipse(TM)based development software that enables intelligent coding and step-through debugging. Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
