João Alexandre
2003-Apr-04 11:35 UTC
FW: [Shorewall-users] Adding a static route in Shorewall
Hi Michael,

Once it was a pain in the neck for me to set this up as I had almost the same problem.

First you have to find out where in your Linux distribution you set up a permanent route entry. I mainly use Mandrake, but it had changed the way it handles this, but look at the file "/etc/sysconfig/static-routes", it had a syntax similar to the command that you stated below without the route command.

Second look in "/etc/sysconfig/network-scripts/route-eth1" and the syntax is like this: "192.168.10.0/24 via 192.168.23.1".

If these files don't exist, create one of them. I think that the file "/etc/sysconfig/network-scripts/ifup-route" is the one that specifies where to look (one of the above files) for static routes.

In earlier versions of shorewall you have to add an option to the lan interface in the "interfaces" file with the word "multi". I looked at the latest docs and this option doesn't show any more, probably not needed, and finally you have to create a policy (it depends on the way you have configured shorewall, I deny all the traffic in the policies and then allow it by using rules) accepting traffic from Lan to Lan with or without info, if you want to see what's going on.

Maybe with the latest version you need some more tweaks, but surely anyone more skilled than me can help you on, or better, Tom himself.

Hope this Helps,

Cheers
Joao Alexandre
Portugal

-----Original Message-----
From: Michael Alb?g Olsen [mailto:webmaster@powerline.dk]
Sent: Thursday, 3 April 2003 21:01
To: shorewall-users@lists.shorewall.net
Subject: [Shorewall-users] Adding a static route in Shorewall

I hope any of you shorewall freaks would be able to help me with my problem.
First a little network description:

I have two zones:
WAN net = eth0 (One IP address from my Internet Service Provider)
LAN loc = eth1 (192.168.23.0/24)

Default gateway (the Internet) for the local clients is 192.168.23.2 (the IP address of eth1)

I have used all the guides at the homepage of Shorewall, and thereby configured a fully working Firewall/NAT linux box, so the basic installation works fine.

My problem is that I have a special application running on each client. The application is using an old Frame Relay line (192.168.23.1) to get connection to a shared database. So what I need is to add a static route on my Shorewall box (IP kernel routing table), like:

rip:~# route add -net 192.168.10.0 netmask 255.255.255.0 gw 192.168.23.1 eth1

How do I implement this in the Shorewall configuration ??

I have tried to add it manually, but after that Shorewall REJECTs packets coming from my client, when passing the Shorewall box.

Best regards
Michael Olsen
Denmark
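
The conversion discussed in this thread, from the `route add -net` command in the question to the "NETWORK/PREFIX via GATEWAY" line quoted in the reply, as an added example that is not part of either message. The function names `mask_to_prefix` and `route_to_line` are hypothetical, and the output format is assumed to be the route-eth1 syntax given in the reply.

```shell
#!/bin/bash
# Added example: turn a legacy "route add -net" command into a
# "NETWORK/PREFIX via GATEWAY" line for a route-<iface> file.

# mask_to_prefix 255.255.255.0 -> 24
# Fails on malformed or non-contiguous netmasks (e.g. 255.0.255.0).
mask_to_prefix() {
    local IFS=. octet n bits=0 partial=0 count=0
    for octet in $1; do
        case "$octet" in
            255) n=8 ;; 254) n=7 ;; 252) n=6 ;; 248) n=5 ;; 240) n=4 ;;
            224) n=3 ;; 192) n=2 ;; 128) n=1 ;; 0) n=0 ;;
            *) return 1 ;;
        esac
        # Once an octet is not 255, every later octet must be 0.
        if [ "$partial" -eq 1 ] && [ "$n" -ne 0 ]; then return 1; fi
        [ "$n" -eq 8 ] || partial=1
        bits=$((bits + n)); count=$((count + 1))
    done
    [ "$count" -eq 4 ] || return 1
    echo "$bits"
}

# route_to_line "route add -net NET netmask MASK gw GW [IFACE]"
# Prints "NET/PREFIX via GW"; fails if a field is missing or the mask is bad.
route_to_line() {
    local net="" mask="" gw="" prefix
    set -- $1                      # split the command into words
    while [ $# -gt 0 ]; do
        case "$1" in
            -net|netmask|gw)
                [ $# -ge 2 ] || return 1
                case "$1" in
                    -net) net=$2 ;; netmask) mask=$2 ;; gw) gw=$2 ;;
                esac
                shift ;;
        esac
        shift
    done
    [ -n "$net" ] && [ -n "$mask" ] && [ -n "$gw" ] || return 1
    prefix=$(mask_to_prefix "$mask") || return 1
    echo "$net/$prefix via $gw"
}

# The command from the question, converted for route-eth1.
route_to_line "route add -net 192.168.10.0 netmask 255.255.255.0 gw 192.168.23.1 eth1"
```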