Shorewall:

I have a two NIC system. Eth0 for the Internet, and eth1 for the LAN.
Shorewall is the firewall MASQ system. Works great.

Now I want to add VPN and bridging. So I get all the devices going:

br0 at 192.168.1.254 network 192.168.1.0/24
eth1
tap0
tap1

The interfaces seem to start OK. I can ping 192.168.1.254 from inside
the LAN. Now. What do I do to get Shorewall to do normal MASQing for
this setup? I have tried:

interfaces:
net eth0 - br0 detect routefilter

hosts:
loc br0:eth1

masq:
br0 eth0

And it does not work. I can worry about adding tap0 and tap1 later. For
now I just want to get it working as before, with all my new interfaces.
This way people can continue to use the LAN in a MASQ environment.

Thanks,
Jason.

Jason C. Leach wrote:
> Shorewall:
>
> I have a two NIC system. Eth0 for the Internet, and eth1 for the LAN.
> Shorewall is the firewall MASQ system. Works great.
>
> Now I want to add VPN and bridging. So I get all the devices going:
>
> br0 at 192.168.1.254 network 192.168.1.0/24
> eth1
> tap0
> tap1
>
> The interfaces seem to start OK. I can ping 192.168.1.254 from inside
> the LAN. Now. What do I do to get Shorewall to do normal MASQing for
> this setup? I have tried:
>
> interfaces:
> net eth0 - br0 detect routefilter
>
> hosts:
> loc br0:eth1
>
> masq:
> br0 eth0
>
> And it does not work.

Of course it doesn't -- your masquerade entry is backwards. In fact, you
should have been getting warnings during "shorewall start" saying that the
default route was being ignored while setting up masquerading.

You want:

/etc/shorewall/masq:

eth0 br0

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
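
Added example (not part of either message, and not Shorewall's own code): a small check that cross-references masq entries against the routing table to catch the swapped-column mistake discussed above. The `ip route` text, the 203.0.113.x addresses and the function names are constructed for illustration; the masq columns are taken to be INTERFACE (outbound) then SOURCE (internal), as in Tom's corrected entry.

```python
# Constructed sample inputs based on the interfaces named in the thread.
MASQ_REVERSED = "#INTERFACE  SOURCE\nbr0         eth0\n"
MASQ_FIXED = "#INTERFACE  SOURCE\neth0        br0\n"
# Constructed `ip route` output; gateway and public subnet are placeholders.
IP_ROUTE = """\
default via 203.0.113.1 dev eth0
203.0.113.0/24 dev eth0 proto kernel scope link src 203.0.113.10
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.254
"""

def default_route_devs(ip_route_text):
    """Return the set of interfaces that carry a default route."""
    devs = set()
    for line in ip_route_text.splitlines():
        fields = line.split()
        if fields and fields[0] == "default" and "dev" in fields:
            idx = fields.index("dev")
            if idx + 1 < len(fields):
                devs.add(fields[idx + 1])
    return devs

def parse_masq(text):
    """Yield (lineno, interface, source) per entry, skipping comments."""
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            yield lineno, fields[0], fields[1]

def lint_masq(masq_text, ip_route_text):
    """Flag entries whose columns look swapped relative to the default route."""
    wan = default_route_devs(ip_route_text)
    findings = []
    for lineno, iface, source in parse_masq(masq_text):
        out_dev = iface.split(":", 1)[0]  # INTERFACE may carry a ":qualifier"
        if source in wan:
            findings.append((lineno, f"SOURCE {source} carries the default "
                                     "route; columns look swapped"))
        elif out_dev not in wan:
            findings.append((lineno, f"INTERFACE {out_dev} has no default "
                                     "route; is it the outbound side?"))
    return findings

if __name__ == "__main__":
    for name, text in (("reversed", MASQ_REVERSED), ("fixed", MASQ_FIXED)):
        print(name, lint_masq(text, IP_ROUTE) or "ok")
```

The second finding is worded as a question because masquerading out an interface without a default route can be intentional.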