Thanks! I will try the new configuration tomorrow morning.
Can I put LAN and 10.0.0.0/8 in the same zone ("local") and then put some
conditional NAT like this?
(masq file)
#INTERFACE          SUBNET   ADDRESS            PROTO   PORT(S)   IPSEC
eth2                eth1     173.166.226.234
eth0:10.0.0.0/24    eth1     10.17.48.2
Have a nice day
GV
-----Original Message-----
From: Tom Eastep [mailto:[email protected]]
Sent: Monday, March 07, 2011 11:01 AM
To: [email protected]
Subject: Re: [Shorewall-users] Problem with VPN and multiISP configuration
with old shorewall
On 3/7/11 10:30 AM, Gianluca Varenni wrote:
> Tom,
>
> How do you suggest to configure shorewall, then?
> Consider that the traffic between LAN and 10.0.0.0/8 will still need
> to be NATted.
>
Then NAT it -- an interface doesn't have to be associated with a provider to
use NAT. Simply route 10.0.0.0/8 via whatever gateway is appropriate.
I would set up eth0 as a separate zone so you can use policies and rules
more conveniently to control access.
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
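
A sketch of the separate-zone layout suggested in the reply, added here as an example and not taken from either message. It assumes the Shorewall 3.0 or later file layout; the zone names (net, loc, remote) are hypothetical, the interface roles are inferred from the masq entries quoted above, and the gateway is a placeholder.

```conf
# /etc/shorewall/zones
#ZONE     TYPE
fw        firewall
net       ipv4        # Internet side (assumed to be eth2)
loc       ipv4        # LAN (assumed to be eth1)
remote    ipv4        # hypothetical zone for the 10.x network behind eth0

# /etc/shorewall/interfaces
#ZONE     INTERFACE   BROADCAST
net       eth2        detect
loc       eth1        detect
remote    eth0        detect

# /etc/shorewall/policy
# With eth0 in its own zone, each direction gets its own policy
# instead of inheriting whatever applies inside "loc".
#SOURCE   DEST        POLICY    LOG LEVEL
loc       net         ACCEPT
loc       remote      ACCEPT
remote    loc         DROP      info
net       all         DROP      info
all       all         REJECT    info

# /etc/shorewall/masq
# Entries as posted in the message above. The second one matches only
# destinations in 10.0.0.0/24; widen it if all of 10.0.0.0/8 needs NAT.
#INTERFACE          SUBNET   ADDRESS
eth2                eth1     173.166.226.234
eth0:10.0.0.0/24    eth1     10.17.48.2

# Routing is configured outside Shorewall and needs no provider entry,
# e.g. (GATEWAY_IP is a placeholder):
#   ip route add 10.0.0.0/8 via GATEWAY_IP dev eth0
```

Exceptions to the remote-to-loc DROP policy would go in /etc/shorewall/rules as individual ACCEPT entries.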