Hello,

I modified rtrules like this:

10.1.0.0/24 - ISP 1001
10.1.0.9/32 - VPN 1000

Now it's working as *expected* that the firewall itself gets Internet through VPN instead of ISP.

Any hint ?

Thanks in advance,

Regards.

On 03/16/2017 10:10 AM, Adam Cécile wrote:
> Hello,
>
> Thanks for the answer. You mean switch 1000 and 1001 only right ? Does the
> file lines order also matter ?
>
> Regards, Adam.
>
> On March 15, 2017 11:23:17 PM GMT+01:00, Tom Eastep <teas...@shorewall.net>
> wrote:
>> On 03/15/2017 02:56 PM, Adam Cécile wrote:
>>> Hello,
>>>
>>> I'm trying to configure a single host from my lan to be routed to
>>> internet through a VPN connected on my shorewall router. All other
>>> hosts are routed to internet directly.
>>>
>>> Sadly, I can't get that working...
>>>
>>> The router is configured as:
>>>
>>> wan: 192.168.178.254, gw 192.168.178.1 (ISP to internet); with
>>> SNAT
>>>
>>> tun99: 10.100.0.6, gw 10.100.0.1 (OpenVPN, internet with SNAT on
>>> server-side, working fine if static routing is done)
>>>
>>> brlan: 10.1.0.254
>>>
>>> What I'm trying to achieve is that any 10.1.0.0/24 reach internet
>>> through "wan" except 10.1.0.9 which is using "tun99" instead.
>>>
>>> I tried the following:
>>>
>>> snat:
>>>
>>> SNAT(192.168.178.254) 10.1.0.0/24 wan
>>>
>>> providers:
>>>
>>> ISP 1 1 - wan 192.168.178.1 track -
>>> VPN 2 2 - tun99 10.100.0.1 track -
>>>
>>> rtrules:
>>>
>>> 10.1.0.0/24 - ISP 1000
>>>
>>> 10.1.0.9/32 - VPN 1001
>>>
>>> Can you help me figure out what's wrong ?
>>>
>> Reverse the priorities of the rules.
>>
>> -Tom
>> --
>> Tom Eastep           \ Q: What do you get when you cross a mobster with
>> Shoreline,           \ an international standard?
>> Washington, USA      \ A: Someone who makes you an offer you can't
>> http://shorewall.net \________________________________________________
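
Added example (not part of the thread and not Shorewall code): a small Python model of why the two priorities had to be reversed, plus a check that flags an rtrules entry that an earlier, broader entry makes unreachable. It assumes entries with address sources only, evaluation in ascending PRIORITY, and a default route in every provider table so the first matching rule decides; the function names and the destination 198.51.100.1 are made up for illustration.

```python
import ipaddress
from collections import namedtuple

Rule = namedtuple("Rule", "source dest provider priority")
ANY = ipaddress.ip_network("0.0.0.0/0")

def parse_rtrules(text):
    """Parse SOURCE DEST PROVIDER PRIORITY lines; '-' means any address."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 4:
            continue  # blank line, comment, or incomplete entry
        src, dst, provider, prio = fields[:4]
        rules.append(Rule(
            ANY if src == "-" else ipaddress.ip_network(src),
            ANY if dst == "-" else ipaddress.ip_network(dst),
            provider, int(prio)))
    # Rules are walked in ascending priority; ties keep file order (assumed).
    return sorted(rules, key=lambda r: r.priority)

def select_provider(rules, src, dst="198.51.100.1"):
    """Return the provider of the first rule matching the packet, or None."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if src in r.source and dst in r.dest:
            return r.provider
    return None  # no rtrules entry applies to this source

def shadowed(rules):
    """Return (rule, earlier_rule) pairs where rule can never take effect."""
    hits = []
    for i, r in enumerate(rules):
        for earlier in rules[:i]:
            if (r.source.subnet_of(earlier.source)
                    and r.dest.subnet_of(earlier.dest)
                    and r.provider != earlier.provider):
                hits.append((r, earlier))
                break
    return hits

# The two rtrules variants from the thread.
ORIGINAL = "10.1.0.0/24 - ISP 1000\n10.1.0.9/32 - VPN 1001\n"
REVERSED = "10.1.0.0/24 - ISP 1001\n10.1.0.9/32 - VPN 1000\n"

if __name__ == "__main__":
    for name, text in (("original", ORIGINAL), ("reversed", REVERSED)):
        rules = parse_rtrules(text)
        print(name, select_provider(rules, "10.1.0.9"), shadowed(rules))
```

With the original priorities the /24 rule is consulted first, so 10.1.0.9 leaves through ISP and the VPN rule is reported as shadowed; with the priorities reversed the /32 rule wins for that host and nothing is shadowed.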