Shorewall users - Oct 2009 - Routing to VPN

I''m trying to route all traffic from a loopback interface (lo:0) to my
vpn interface (ppp0)

this is my zones file:

#ZONE   TYPE     OPTIONS                 IN                      OUT
#                                        OPTIONS                 OPTIONS
fw      firewall
net     ipv4
loc:net ipv4
vpn	ipv4
lob	ipv4

this is my interfaces file:
#ZONE   INTERFACE       BROADCAST       OPTIONS
net     eth0            255.255.255.0   dchp,routeback
vpn     ppp0            255.255.255.0   dhcp,routeback
lob     lo:0

I have the vpn set up in my tunnels file:
# TYPE                  ZONE    GATEWAY         GATEWAY
#                                               ZONE
pptpclient		net     0.0.0.0/0       vpn


This is the ifconfig for lo:0
lo:0      Link encap:Local Loopback
          inet addr:172.27.72.64  Mask:255.255.255.255
          UP LOOPBACK RUNNING  MTU:16436  Metric:1

Problem 1:

This configuration doesn''t work. I get the following error on startup:
ERROR: Invalid Interface Name: lo:0

Problem 2:
Assuming someone can help me with lo:0, I''d like to redirect all
traffic from lo:0 (zone lob) to ppp0 (zone vpn), and I''d like the
traffic to route back.
I know I can do something similar using providers, but I''ve had a lot
of trouble with them, I''d rather just bind programs to lo:0''s
IP
(172.27.72.64), and I don''t want them to not work at all if the
VPN''s
down.

Thanks for any help you can provide,

Joe Terranova

------------------------------------------------------------------------------
Come build with us! The BlackBerry(R) Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart your
developing skills, take BlackBerry mobile applications to market and stay 
ahead of the curve. Join us from November 9 - 12, 2009. Register now!
http://p.sf.net/sfu/devconference

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Joe Terranova wrote:
> I''m trying to route all traffic from a loopback interface (lo:0)
to my
> vpn interface (ppp0)
> 
> this is my zones file:
> 
> #ZONE   TYPE     OPTIONS                 IN                      OUT
> #                                        OPTIONS                 OPTIONS
> fw      firewall
> net     ipv4
> loc:net ipv4
> vpn	ipv4
> lob	ipv4
> 
> this is my interfaces file:
> #ZONE   INTERFACE       BROADCAST       OPTIONS
> net     eth0            255.255.255.0   dchp,routeback
> vpn     ppp0            255.255.255.0   dhcp,routeback
> lob     lo:0
>
> I have the vpn set up in my tunnels file:
> # TYPE                  ZONE    GATEWAY         GATEWAY
> #                                               ZONE
> pptpclient		net     0.0.0.0/0       vpn
> 
> 
> This is the ifconfig for lo:0
> lo:0      Link encap:Local Loopback
>           inet addr:172.27.72.64  Mask:255.255.255.255
>           UP LOOPBACK RUNNING  MTU:16436  Metric:1
> 
> Problem 1:
> 
> This configuration doesn''t work. I get the following error on
startup:
> ERROR: Invalid Interface Name: lo:0
This is working as designed -- see
http://www.shorewall.net/Shorewall_and_Aliased_Interfaces.html.
> 
> Problem 2:
> Assuming someone can help me with lo:0, I''d like to redirect all
> traffic from lo:0 (zone lob) to ppp0 (zone vpn), and I''d like the
> traffic to route back.
> I know I can do something similar using providers, but I''ve had a
lot
> of trouble with them, I''d rather just bind programs to
lo:0''s IP
> (172.27.72.64), and I don''t want them to not work at all if the
VPN''s
> down.
I know of no way to do that with Shorewall without using providers.
Because the providers file is the only way to configure routing with
Shorewall (other than a very limited feature of proxy ARP).

- -Tom
- --
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkrkws4ACgkQO/MAbZfjDLLRkACgwRsas4428KJeg0VPgM229c/M
d14An16XBvXjLvwU9EdcjJ4aYBDbl1WB
=xAC8
-----END PGP SIGNATURE-----

------------------------------------------------------------------------------
Come build with us! The BlackBerry(R) Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart your
developing skills, take BlackBerry mobile applications to market and stay 
ahead of the curve. Join us from November 9 - 12, 2009. Register now!
http://p.sf.net/sfu/devconference