Folk, My network is described and illustrated here. http://carnot.yi.org/NetworksPage.html To allow Cantor and Dalton, in the vpn zone connected to Joule through tun0, to SMTP to my ISP, I tried this in /etc/shorewall/masq. #INTERFACE SOURCE ADDRESS PROTO PORT(S) IPSEC MARK eth0 tun0 Shorewall complains. 07:21:58 Setting up Masquerading/SNAT... 07:21:58 To 0.0.0.0/0 (all) from 172.23.4.0/24 through eth0 07:21:58 To 0.0.0.0/0 (all) from 172.23.5.0/24 through eth0 ERROR: Unable to determine the routes through interface "tun0" As I understand, the routes specified in /etc/openvpn/myvpn do not exist when shorewall starts. What is the conventional solution? Thanks, ... Peter E. -- http://members.shaw.ca/peasthope/ http://carnot.yi.org/ = http://carnot.pathology.ubc.ca/ ------------------------------------------------------------------------------ Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are powering Web 2.0 with engaging, cross-platform capabilities. Quickly and easily build your RIAs with Flex Builder, the Eclipse(TM)based development software that enables intelligent coding and step-through debugging. Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com
PETER EASTHOPE wrote:> Folk, > > My network is described and illustrated here. > http://carnot.yi.org/NetworksPage.html > > To allow Cantor and Dalton, in the vpn zone connected to > Joule through tun0, to SMTP to my ISP, I tried this in > /etc/shorewall/masq. > #INTERFACE SOURCE ADDRESS PROTO PORT(S) IPSEC MARK > eth0 tun0 > > Shorewall complains. > 07:21:58 Setting up Masquerading/SNAT... > 07:21:58 To 0.0.0.0/0 (all) from 172.23.4.0/24 through eth0 > 07:21:58 To 0.0.0.0/0 (all) from 172.23.5.0/24 through eth0 > ERROR: Unable to determine the routes through interface "tun0" > > As I understand, the routes specified in /etc/openvpn/myvpn > do not exist when shorewall starts. What is the conventional > solution?Specify the SOURCE by IP address rather than by interface. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are powering Web 2.0 with engaging, cross-platform capabilities. Quickly and easily build your RIAs with Flex Builder, the Eclipse(TM)based development software that enables intelligent coding and step-through debugging. Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com
Reasonably Related Threads
- Improvements in shorewall-interfaces.man & etc.
- clarification on ipsec and masqing
- two internet connections don''t appear to be masqing
- behaviour of xls2sep when running read.xls (package gdata) sinceupgrade of R
- problem with rJava : same as message from wwreith on Mon, 27 Jun 2011