-------- Original Message -------- Subject: Re: shorewall.tgz Date: Thu, 26 May 2011 18:35:25 -0700 From: Tom Eastep <[email protected]> To: Chris Morley <[email protected]>
On 5/26/11 6:08 PM, Chris Morley wrote: >> Please add the 'loose' option to the tun1 provider. >> > > Hi, seems to have done the trick, shorewall dump now reports the routing > table as: ... > Just gave it a try, and now it is indeed correctly routing with tcrules > with masq performed on tun1! I don't fully understand the loose option, > does this stop packets getting routed correctly with the openvpn tun1? > Perhaps this explains the timeouts over tun1 with the previous config > where loose was not defined. The interpretation of 'loose' is dependent on the setting of USE_DEFAULT_RT. When USE_DEFAULT_RT=No (the original case), 'loose' inhibits creation of routing rules that send all traffic with a source address on the interface from being routed out of the interface. The best application is shown at http://www.shorewall.net/Shorewall_Squid_Usage.html#Local. When USE_DEFAULT_RT=Yes (your setting), 'loose' prevents the provider from being balanced into the default route ('balance' is the default unless 'loose' is specified). That is clearly what you needed. > Either way, it is working superbly now. Thanks very much for the help. Great! -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ vRanger cuts backup time in half-while increasing security. With the market-leading solution for virtual backup and recovery, you get blazing-fast, flexible, and affordable data protection. Download your free trial now. http://p.sf.net/sfu/quest-d2dcopy1
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
