Hi list. I'm trying to modify our current shorewall configuration (based on 3.2.6) to support an additional ISP *without* balancing and I have problems with the VPN.
Here is the old, working setup:

Eth1: LAN interface. Has 3 IPs (192.168.77.253/24, 192.168.78.254/24, 192.168.80.253/24).
Eth2: WAN interface.

On the same firewall I run pptpd for external users to access LAN 192.168.77.0/24. The pptpd server assigns addresses in the 192.168.77.0/24 network.

What I'm trying to do is add a second "ISP" on eth0:

Eth0: 10.17.48.2/23

The rule for routing is that shorewall should use eth0 *only* for traffic to 10.0.0.0/8. All the other traffic should go through eth2.

I followed the directions for multiISP here http://www.shorewall.net/MultiISP.html and tried to disable balance with this http://www.shorewall.net/FAQ.htm#faq58

The result is that the traffic from LAN is correctly routed to eth0 or eth2. However, the VPN is not working anymore: I can connect to the VPN server, but I cannot ping any host in LAN 192.168.77.0/24 properly.

I've attached the output of shorewall dump. I'm trying to ping 192.168.77.250 from 32.174.168.137 and don't see echo reply. If I sniff eth1, I see the echo replies from 192.168.77.250. If I look at ppp0, I only see the echo requests.

Thanks in advance
GV
ping_250.txt.gz
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
