Good morning,

We have a second site and I have been using an entry in shorewall/routes to get there:

    main 10.0.68.0/22 10.1.10.248

Due to a link failure (of the 10.1.10 subnet) I tried to reroute via an openvpn tunnel which has a provider entry:

    cem01voy 12 - - tun5 10.20.0.137 loose

I tried to use, in shorewall/rtrules:

    10.1.0.0/24 10.0.68.0/22 cem01voy 109
    $FW 10.0.68.0/22 cem01voy 110

I understood that rtrules numbered less than 999 would be processed before the main routing table. Indeed, the rule for origin 10.1.0.0/24 reroutes as I expected. However the second rule, for traffic originating on the firewall does NOT work. Removing the entry from shorewall/routes, traffic leaving the firewall gets processed against the balance table and still ignores rtrules.

To achieve the rerouting I wanted it was necessary to change shorewall/routes (to: main 10.0.68.0/22 10.20.0.137).

Is this normal? Why would it not process the rtrules entry for $FW?

Thanks,
Norm Henderson