On Sun, Mar 26, 2006 at 12:57:10PM -0800, Marius M wrote:
> Hello all,
>
> I have a linux router with 2 interfaces (eth0 - ISP and
> eth1 - LAN). I've established a VPN
> connection (openvpn) over eth0 with a friend of mine =>
> tun0 interface.
>
> I want half of my LAN to have Internet access through
> the eth0 interface and the other half through the tun0
> interface.
>
> I've set up a script like the "load balancing split
> access" instructions in the lartc howto, but it
> doesn't work. Here's the important part of the script:
>
> ip route add $P1_NET dev $IF1 src $IP1 table T1
> ip route add default via $P1 table T1
> ip route add $P2_NET dev $IF2 src $IP2 table T2
> ip route add default via $P2 table T2
>
> ip route add $P1_NET dev $IF1 src $IP1
> ip route add $P2_NET dev $IF2 src $IP2
>
> ip rule add from $IP1 table T1
> ip rule add from $IP2 table T2
>
> Note that ping works over the tunnel, over the
> subnets, but the users on my LAN can't have Internet
> connectivity through eth0 or tun0.
>
> My firewall has only this rule:
> iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE

You will need to use SNAT to the interface address.
Mail me offline if you want a copy of my scripts for setting up the
firewall and ip & tc.

Alex

> I've changed eth0 with tun0 and it doesn't work either.
>
> What can be done to fix this problem?
>
> Thanks in advance,
> M.
>
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam
> protection around
> http://mail.yahoo.com
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
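
Added example (not part of the original thread, and not Alex's scripts): one way to combine the SNAT-to-interface-address advice with source-based rules for each LAN half. The /25 split, all addresses, `LAN_IF` and the `RUN` dry-run switch are assumptions; tables T1 and T2 are assumed to hold the default routes from the quoted script.

```shell
#!/bin/sh
# Added example. Dry-run by default: prints the commands instead of running
# them. Run as root with RUN= (empty) to apply them.
RUN="${RUN-echo}"

# All values below are constructed for illustration.
IF1=eth0; IP1=203.0.113.10        # ISP uplink and the router's address on it
IF2=tun0; IP2=10.8.0.2            # OpenVPN tunnel and the router's address on it
LAN_IF=eth1; LAN_NET=192.168.0.0/24
LAN_A=192.168.0.0/25              # half of the LAN that should leave via eth0
LAN_B=192.168.0.128/25            # half of the LAN that should leave via tun0

split_access() {
    # Keep the LAN reachable from both tables, so a lookup in T1/T2 does not
    # send LAN-bound packets to the table's default route.
    for t in T1 T2; do
        $RUN ip route add "$LAN_NET" dev "$LAN_IF" table "$t"
    done

    # Forwarded packets carry the LAN client's source address, not $IP1/$IP2,
    # so the table is selected by LAN source range.
    $RUN ip rule add from "$LAN_A" table T1
    $RUN ip rule add from "$LAN_B" table T2

    # SNAT each half to the address of the interface it leaves through, so
    # replies return on the same path.
    $RUN iptables -t nat -A POSTROUTING -s "$LAN_A" -o "$IF1" -j SNAT --to-source "$IP1"
    $RUN iptables -t nat -A POSTROUTING -s "$LAN_B" -o "$IF2" -j SNAT --to-source "$IP2"
}

split_access
```

Forwarding must be enabled (`net.ipv4.ip_forward=1`), and `ip rule show` plus `iptables -t nat -L POSTROUTING -n -v` confirm which rules and counters are hit.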