Hi chaps and thanks for the replies.
Actually it will be more than one host and what gets routed through tun1 is
dependent on mac-address (or at least in my original script) and also source IP
address, and I will need to masquerade on this 'tun1' connection.
My current openvpn up script is below:
# add iptables rules
iptables -A FORWARD -o tun1 -j ACCEPT
iptables -t nat -A POSTROUTING -o tun1 -j MASQUERADE
# send packets carrying fwmark 1 to routing table 1, whose default route is tun1
ip rule add fwmark 1 table 1
ip route add default dev tun1 table 1
# mark traffic from the selected hosts (by source IP and by MAC address)
iptables -t mangle -A PREROUTING -s 192.168.69.247 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -m mac --mac-source 00:40:4C:24:84:1C -j MARK --set-mark 1
I would like to integrate this all into Shorewall script system as close as
possible.
Tom, I have sent you the dump with tun1, not sure why it wasn't in the original.
Many thanks,
Chris
From: [email protected]
Date: Sat, 14 May 2011 15:05:49 -0700
To: [email protected]
CC: [email protected]
Subject: Re: [Shorewall-users] Multi-ISP over tun not working
On May 14, 2011, at 2:56 PM, [email protected] wrote:

Hi Mike, I have done that with my original openvpn config, in the upscript it
adds forwarding rules dependent on MAC address and source IP. I didn't know if
these raw iptables rules would work with the iptables rules shorewall
generates. It sounds like an option and if you have further suggestions would
be much appreciated.

Depends on what your rules are doing.

I do also like to learn and also interested if the original plan of using multi
isp is possible or not.

Well, if you only want one host to use the alternate provider, I would not
specify either 'track' or 'balance' for it.

-Tom
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________ Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
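
Added example, not part of the original message and not Shorewall's own code: the post says more than one host will go through tun1, selected by MAC address or by source IP, so these shell functions print the same mangle-table MARK rules as the up script for a list of sources and refuse any entry that is neither. The function names and the print-instead-of-execute approach are assumptions; mark value 1 is taken from the post.

```shell
#!/bin/sh
# Added example: build per-host MARK rules for traffic that should leave via tun1.
# Assumption: fwmark 1 selects routing table 1, as in the up script in the post.
MARK=1

# Print the iptables command that marks packets from one source.
# Accepts a MAC address or an IPv4 address (optionally with /prefix).
# Anything else is rejected, so a typo in the host list never becomes a rule.
mark_rule() {
    src=$1
    if printf '%s\n' "$src" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'; then
        # MAC match only works in PREROUTING/INPUT/FORWARD, on directly attached hosts
        echo "iptables -t mangle -A PREROUTING -m mac --mac-source $src -j MARK --set-mark $MARK"
    elif printf '%s\n' "$src" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'; then
        echo "iptables -t mangle -A PREROUTING -s $src -j MARK --set-mark $MARK"
    else
        echo "rejecting invalid source: $src" >&2
        return 1
    fi
}

# Print the rules for every source given as an argument.
# Stops at the first invalid entry instead of emitting a partial rule set silently.
build_rules() {
    for entry in "$@"; do
        mark_rule "$entry" || return 1
    done
}

# Constructed host list: the two sources from the post. Output can be reviewed
# and then piped to sh from the up script, e.g.:
#   build_rules 192.168.69.247 00:40:4C:24:84:1C | sh
```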