On 01/05/2013 02:40 PM, f q wrote: > Also, I think you want USE_DEFAULT_RT=Yes. I don't see how > USE_DEFAULT_RT=No can possiblly work here, since you have to be able to > route between the interfaces and both are provider interfaces. > > 1) I made the changes as you requested, and set "USE_DEFAULT_RT=Yes", > in /etc/shorewall/shorewall.conf. > 2) I issued a /sbin/shorewall restart to re-read the configuration > file (I'm not sure this is entirely required, but I wanted to be sure > the new changes were being reflected in the current running > configuration) > 3) Applied the configuration for the firewall, normal warnings: > Adding Providers... > WARNING: Interface tun0 is not usable -- Provider iPredator (2) not Started > WARNING: No Default route added (all 'balance' providers are down) > NOTICE: Default route restored > 4) Connected to OpenVPN > 5) Attempted to re-apply the firewall configuration, as before (no errors) > 6) Attempted pings to verify connection (they traversed the VPN correctly) > 7) Disconnected from the VPN, traffic then traversed my default > connection incorrectly.
Come on -- you have to be specific. Exactly what connection did you attempt that worked when you didn't believe that it should? Give the source iP address, the destination IP address, protocol and port (if appropriate). -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and experts. SALE $99.99 this month only -- learn more at: http://p.sf.net/sfu/learnmore_122912
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
