Hi. I have some clients that uses a Shorewall system as default gateway on the LAN network 192.168.1.0/24. The Shorewall system has a static route that redirect requests to 192.168.10.0/24 to the gateway 192.168.1.253, and it works of course. How I can let all clients on 192.168.1.0/24 go to 192.168.10.0/24 through 192.168.1.253 using Shorewall as default gateway and without setting up a static route on each client? Thank you very much! Bye. ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev
shacky wrote:> Hi. > > I have some clients that uses a Shorewall system as default gateway on > the LAN network 192.168.1.0/24. > The Shorewall system has a static route that redirect requests to > 192.168.10.0/24 to the gateway 192.168.1.253, and it works of course. > How I can let all clients on 192.168.1.0/24 go to 192.168.10.0/24 > through 192.168.1.253 using Shorewall as default gateway and without > setting up a static route on each client? >Please take a look at http://www.shorewall.net/Multiple_Zones.html; that article covers a configuration like yours. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev
shacky wrote:>I have some clients that uses a Shorewall system as default gateway on >the LAN network 192.168.1.0/24. >The Shorewall system has a static route that redirect requests to >192.168.10.0/24 to the gateway 192.168.1.253, and it works of course. >How I can let all clients on 192.168.1.0/24 go to 192.168.10.0/24 >through 192.168.1.253 using Shorewall as default gateway and without >setting up a static route on each client?As long as your routing is set up correctly (as it is) on the default gateway AND you have not blocked the relevant ICMP-Redirect messages AND you have rules/policies that allow the packets through, then it should "just work". Your shorewall box will simply send the packets out via the correct router. See also this page : http://linux-ip.net/html/routing-icmp.html Even if you block the ICMP-Redirect messages, packets should still make it through, it''s just that your default router will have to keep forwarding all the outbound packets if it can''t tell the clients the better router to use. ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev
Simon Hobson wrote:> shacky wrote: > >> I have some clients that uses a Shorewall system as default gateway on >> the LAN network 192.168.1.0/24. >> The Shorewall system has a static route that redirect requests to >> 192.168.10.0/24 to the gateway 192.168.1.253, and it works of course. >> How I can let all clients on 192.168.1.0/24 go to 192.168.10.0/24 >> through 192.168.1.253 using Shorewall as default gateway and without >> setting up a static route on each client? > > As long as your routing is set up correctly (as it is) on the default > gateway AND you have not blocked the relevant ICMP-Redirect messages > AND you have rules/policies that allow the packets through, then it > should "just work". Your shorewall box will simply send the packets > out via the correct router. > > See also this page : > http://linux-ip.net/html/routing-icmp.html > > > Even if you block the ICMP-Redirect messages, packets should still > make it through, it''s just that your default router will have to keep > forwarding all the outbound packets if it can''t tell the clients the > better router to use.''routeback'' is required on the local interface in order for this to work; with or without ICMP-Redirect messages being available. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev