On 6/24/2014 10:48 AM, Gerhard Wiesinger wrote:
> Hello,
> 
> I've the following configuration:
> Internet <=> Host with fixed IP <=> OpenVPN Tunnel <=> Firewall Host 
> with dynamic IP <=> DMZ
> 
> Firewall Host with dynamic IP isn't the gateway.
> 
> I've configured:
> 1.) "Host with fixed IP" a DNAT forward into the OpenVPN Tunnel (OK):
> SMTP(DNAT)      net             vpndmz:192.168.x.y
> SMTP(DNAT)      $FW             vpndmz:192.168.x.y
> 2.) "Firewall Host with dynamic IP" forward into the DMZ again:
> SMTP(DNAT)      vpndmz          dmz:192.168.x.y
> 
> Everything works fine except the shorewall rules on "Firewall Host with 
> dynamic IP".
> 
> Packets go from "Firewall Host with dynamic IP" to DMZ, responses from 
> DMZ go back to "Firewall Host with dynamic IP" but then they are not 
> routed into the OpenVPN Tunnel back again but to the default gateway 
> (which is of course not working).
> 
> I already read http://shorewall.net/MultiISP.html, 
> http://shorewall.net/PacketMarking.html and 
> http://shorewall.net/manpages/shorewall-route_rules.html and some other 
> sites but I still didn't get a working version.
> 
> What's the recommended way?
> Via mangle?
> Via multiple providers?

Multiple providers. Review my recent email exchange with Michael Kress
who had a similar configuration.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
