Ville Walveranta wrote:
> Re-added it like this:
> $LAN2_IF 172.16.0.0/24 10.0.0.253
> Now it should change the addresses for the connections originating from LAN1
> and destined to LAN2, to 10.0.0.253 (which is the Shorewall server address).

You may want to have a think about that, and perhaps discuss it with others if systems on LAN2 are managed by other people.

First problem is that all connections appear to come from one address, which makes diagnosis of problems more difficult.

Second, there are some setups where it breaks things. At work they decided that they'd force the devs to use a VPN to access (Windows) servers on our 'backend' network. Then they came to me complaining that "the network is broken". After much head scratching, it turns out that the VPN drops if another connection comes in from the same address. So if two devs were working, their VPN clients would constantly drop and reconnect. I tried setting up all the routing to remove the NAT, but unfortunately there's a Zyxel ZyWall in the loop that refuses to play ball with the triangular routing we end up with.

So if everything works fine without NAT, then I'd run it without NAT. The only problem would be if on the LAN2 side of things there is another 172.16.0/24 network (or overlap).

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
