Tom, How do you suggest to configure shorewall, then? Consider that the traffic between LAN and 10.0.0.0/8 will still need to be NATted.
Have a nice day GV -----Original Message----- From: Tom Eastep [mailto:[email protected]] Sent: Monday, March 07, 2011 10:18 AM To: [email protected] Subject: Re: [Shorewall-users] Problem with VPN and multiISP configuration with old shorewall On 3/7/11 9:15 AM, Gianluca Varenni wrote: > Hi list. > > I'm trying to modify our current shorewall configuration (based on > 3.2.6) to support an additional ISP *without* balancing and I have > problems with the VPN. > > Here is the old, working, setup > > Eth1: LAN interface. Has 3 IPs (192.168.77.253/24, 192.168.78.254/24, > 192.168.80.253/24). > Eth2: WAN interface. > > On the same firewall I run pptpd for external users to access LAN > 192.168.77.0/24. The pptpd server assigns addresses in the > 192.168.77.0/24 network. > > What I'm trying to do is adding a second "ISP" on eth0: > Eth0: 10.17.48.2/23 > The rule for routing is that shorewall should use eth0 *only* for > traffic to 10.0.0.0/8. If it is only for traffic to 10.0.0.0/8, then it doesn't need to be a provider at all. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ What You Don't Know About Data Connectivity CAN Hurt You This paper provides an overview of data connectivity, details its effect on application quality, and explores various alternative solutions. http://p.sf.net/sfu/progress-d2d _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
