Vieri Di Paola wrote:

>Can a shorewall bridge (with management IP address) be used as a 
>host's default gateway?
>
>HOST1 in loc/lan zone (10.215.146.89) -> Shorewall bridge 
>(10.215.144.91) -> Gateway (10.215.144.90)
>
>Suppose I need to do a quick network change and I can't update the 
>hundreds of HOSTs in the loc/lan zone which all have 10.215.144.91 
>as default gateway.
>So hosts in the loc zone need to keep "default gw 10.215.144.91".
>
>Also, suppose that the gateway at 10.215.144.90 cannot be changed 
>either, so its IP address needs to be 10.215.144.90 and I cannot add 
>an alias IP addr. 10.215.144.91.

There's a lot to be said for using a virtual address for the gateway 
and running no other services on that IP - that avoids the situation 
you find yourself in. To minimise future problems, you might consider 
adding an alias IP to the gateway (10.215.144.90) - 10.215.144.1 or 
10.215.144.254 would be logical choices if they aren't already in use 
- and then as you fix up the local hosts, point them to this alias 
IP. If you need to change things in the future, you can assign the 
alias IP to another device without affecting other services.

But yes, you can do it as you've sketched; you need to set the 
routeback flag so that the shorewall machine can route packets back 
out through the same interface they came in through. Inbound packets 
will not take this route (in and out of the shorewall machine) - the 
gateway at 10.215.144.90 will pass them directly to the host.

-- 
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users