On 3/7/11 4:16 PM, Tom Eastep wrote:
> On 3/7/11 2:05 PM, Gianluca Varenni wrote:
>> Thanks! I will try the new configuration tomorrow morning.
>>
>> Can I put LAN and 10.0.0.0/8 in the same zone ("local") and then put some
>> conditional NAT like this?
>>
>> (masq file)
>> #INTERFACE SUBNET ADDRESS PROTO PORT(S)
>> IPSEC
>> eth2 eth1 173.166.226.234
>> eth0:10.0.0.0/24 eth1 10.17.48.2
>
> Yes.Although, I would replace 'eth1' with the network attached to eth1. This is clearly an old configuration where the second column is called SUBNET. It is now called SOURCE and specifying an interface name in that column is deprecated with a warning. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ What You Don't Know About Data Connectivity CAN Hurt You This paper provides an overview of data connectivity, details its effect on application quality, and explores various alternative solutions. http://p.sf.net/sfu/progress-d2d
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
