Shorewall users - Apr 2011 - question about bridged opnevpn and shorewall

Hi to all ..

I am setting up for the first time a bridged openvpn sistem, folowing
the guide in the site, rised a question :

http://www.shorewall.net/OPENVPN.html

in the /etc/network/interfaces I must replace the config with this :

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
	address 172.16.0.253
	netmask 255.255.0.0
	network 172.16.0.0
	broadcast 172.16.255.255

# The bridged vpn network interface
iface br0 inet static
      pre-up /usr/sbin/openvpn --mktun --dev tap0
      pre-up /usr/sbin/brctl addbr br0
      address 172.16.0.2
      network 172.16.0.0
      broadcast 172.16.255.255
      netmask 255.255.0.0
      post-up /sbin/ip link set tap0 up
      post-up /usr/sbin/brctl addif br0 tap0
      post-up /sbin/ip link set eth0 up
      post-up /usr/sbin/brctl addif br0 eth0
      post-down /usr/sbin/brctl delbr br0
      post-down /usr/sbin/openvpn --rmtun tap0
      post-down /sbin/ip link set eth0 down

Or add another instance, like this :

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
	address 172.16.0.253
	netmask 255.255.0.0
	network 172.16.0.0
	broadcast 172.16.255.255

# The internet network interface
auto eth1
iface eth1 inet static
	address 186.201.43.11
	netmask 255.255.255.248
	gateway 186.201.43.9
	network 186.201.43.0

# The bridged vpn network interface
iface br0 inet static
      pre-up /usr/sbin/openvpn --mktun --dev tap0
      pre-up /usr/sbin/brctl addbr br0
      address 172.16.0.2
      network 172.16.0.0
      broadcast 172.16.0.255
      netmask 255.255.0.0
      post-up /sbin/ip link set tap0 up
      post-up /usr/sbin/brctl addif br0 tap0
      post-up /sbin/ip link set eth0 up
      post-up /usr/sbin/brctl addif br0 eth0
      post-down /usr/sbin/brctl delbr br0
      post-down /usr/sbin/openvpn --rmtun tap0
      post-down /sbin/ip link set eth0 down

Yes, my system is a Debian Squeeze, with the Roberto packages .

And yes, my local card is eth0 .


Thanks in advance ...


Fábio Rabelo

------------------------------------------------------------------------------
Benefiting from Server Virtualization: Beyond Initial Workload 
Consolidation -- Increasing the use of server virtualization is a top
priority.Virtualization can reduce costs, simplify management, and improve 
application availability and disaster protection. Learn more about boosting 
the value of server virtualization. http://p.sf.net/sfu/vmware-sfdev2dev
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users