I tried adding eth0 to the local zone and the following masq file:

#INTERFACE        SUBNET            ADDRESS           PROTO   PORT(S)   IPSEC
eth0:10.0.0.0/8   192.168.77.0/24   10.17.48.2
eth2              192.168.77.0/24   173.166.226.234

but it didn't work. I was trying to ping from 192.168.77.110 to 10.17.48.1, and what I was seeing on eth0 was non-masqueraded packets. Could it be because I'm trying to SNAT between two RFC1918 networks?

Have a nice day
GV

-----Original Message-----
From: Tom Eastep [mailto:[email protected]]
Sent: Monday, March 07, 2011 6:10 PM
To: [email protected]
Subject: Re: [Shorewall-users] Problem with VPN and multiISP configuration with old shorewall

On 3/7/11 4:16 PM, Tom Eastep wrote:
> On 3/7/11 2:05 PM, Gianluca Varenni wrote:
>> Thanks! I will try the new configuration tomorrow morning.
>>
>> Can I put LAN and 10.0.0.0/8 in the same zone ("local") and then put
>> some conditional NAT like this?
>>
>> (masq file)
>> #INTERFACE SUBNET ADDRESS PROTO PORT(S) IPSEC
>> eth2 eth1 173.166.226.234
>> eth0:10.0.0.0/24 eth1 10.17.48.2
>
> Yes. Although, I would replace 'eth1' with the network attached to eth1.

This is clearly an old configuration where the second column is called SUBNET. It is now called SOURCE and specifying an interface name in that column is deprecated with a warning.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
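
A small check for the deprecation Tom describes, as an added example that is not part of the original thread and is not Shorewall's own code: it scans a masq file and reports entries whose second column (SUBNET, now SOURCE) is not an address list. The two inputs are the masq files quoted in this thread; the function names are hypothetical, and treating every non-IPv4 value in that column as an interface name is a simplifying assumption.

```python
import ipaddress
import re

# The two masq files quoted in this thread, copied as posted.
OLD_MASQ = """\
#INTERFACE SUBNET ADDRESS PROTO PORT(S) IPSEC
eth2 eth1 173.166.226.234
eth0:10.0.0.0/24 eth1 10.17.48.2
"""
NEW_MASQ = """\
#INTERFACE SUBNET ADDRESS PROTO PORT(S) IPSEC
eth0:10.0.0.0/8 192.168.77.0/24 10.17.48.2
eth2 192.168.77.0/24 173.166.226.234
"""


def is_address_list(field):
    """True if every item (split on ',' and the '!' exclusion mark) is an IPv4 host or network."""
    items = [item for item in re.split(r"[,!]", field) if item]
    if not items:
        return False
    for item in items:
        try:
            ipaddress.ip_network(item, strict=False)
        except ValueError:
            return False
    return True


def lint_masq(text):
    """Return (line_number, source_field) for entries whose second column is not an address list."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and the header row
        cols = line.split()
        if len(cols) < 2:
            continue  # blank line or an entry with no second column
        if not is_address_list(cols[1]):
            findings.append((lineno, cols[1]))
    return findings


if __name__ == "__main__":
    for name, text in (("old", OLD_MASQ), ("new", NEW_MASQ)):
        for lineno, source in lint_masq(text):
            print(f"{name} masq line {lineno}: '{source}' in SOURCE column is not an address list")
```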
