On Sat, 2011-09-24 at 17:14 +0200, Mark van Dijk wrote:
> I have two questions.
>
> The first: I have a box that has eth0, tun0, tun1 and ppp0, where tun0
> and tun1 are VPN clients and ppp0 is a gateway. I would like the box to
> use eth0 for all its own defaultroute, but the vpn clients must use
> ppp0 as the defaultroute. How can I accomplish this?

See http://www.shorewall.net/MultiISP.html.

>
> Second question for a different box (xen dom0): I want to add rules for
> certain public IPs that have the form of iptables -t mangle -d $dest -j
> TTL --ttl-inc 1 -- this would hide the firewall from traceroute etc. to
> domU's. How can this be done?

You will have to use an Action that either has an associated extension
script or that uses BEGIN PERL...END PERL and generates the rule in
Perl. /usr/share/shorewall/action.Invalid would be a good example to
follow. See also http://www.shorewall.net/Actions.html.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
