-------- Original Message --------
Subject: Re: shorewall.tgz
Date: Thu, 26 May 2011 18:35:25 -0700
From: Tom Eastep <teastep@shorewall.net>
To: Chris Morley <g18c@hotmail.com>

On 5/26/11 6:08 PM, Chris Morley wrote:
>> Please add the 'loose' option to the tun1 provider.
>>
>
> Hi, seems to have done the trick, shorewall dump now reports the routing
> table as:
> ...
> Just gave it a try, and now it is indeed correctly routing with tcrules
> with masq performed on tun1! I don't fully understand the loose option,
> does this stop packets getting routed correctly with the openvpn tun1?
> Perhaps this explains the timeouts over tun1 with the previous config
> where loose was not defined.

The interpretation of 'loose' is dependent on the setting of
USE_DEFAULT_RT.

When USE_DEFAULT_RT=No (the original case), 'loose' inhibits creation of
routing rules that send all traffic with a source address on the
interface from being routed out of the interface. The best application
is shown at http://www.shorewall.net/Shorewall_Squid_Usage.html#Local.

When USE_DEFAULT_RT=Yes (your setting), 'loose' prevents the provider
from being balanced into the default route ('balance' is the default
unless 'loose' is specified). That is clearly what you needed.

> Either way, it is working superbly now. Thanks very much for the help.
Great!
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________