Our setup: server running Shorewall 4.5.2.2 and a WatchGuard VPN appliance.

The VPN appliance was supplied by our document flow provider. I want to route traffic to 192.168.2.0/24 via the 10.10.10.1 gateway.

So I thought it would be a good idea to set it up as another ISP in the providers file. But when I enable it I can reach the 192.168.2.0/24 subnet but not the internet. Can you please tell me what I am doing wrong, or if there is an easier way of implementing it?

LAN 192.168.1.0/24
WAN 1.2.3.4
VPN external 1.2.3.5; internal 10.10.10.1; tunnel is 192.168.2.0/24

interfaces:
loc eth1 detect
net eth2
net eth0 detect blacklist
loc ppp+

zones:
fw firewall
loc ipv4
net ipv4

providers:
tele 1 1 main eth0 1.2.3.1 track eth1
vpn 2 2 main eth2 10.10.10.1 track eth1

rtrules:
- 192.168.2.0/24 vpn 1000

On 04/19/2012 12:15 PM, Alex wrote:
> Our setup: server running Shorewall 4.5.2.2 and WatchGuard VPN appliance.
>
> VPN appliance was supplied by our document flow provider. I want to
> route traffic to 192.168.2.0/24 via 10.10.10.1 gateway.
>
> So I thought it would be a good idea to set it up as another ISP in the
> providers file.

Actually, that is a poor idea; it is using a sledgehammer to swat a fly. You rather simply need to add the appropriate route using your distribution's network configuration tools and then add the necessary rules in Shorewall to allow the appropriate traffic.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

Thanks Tom. This is exactly what I ended up doing. All I had to do was add a routeback statement to my local interface in the interfaces config file and the route in the routing table.

On Fri, Apr 20, 2012 at 9:02 AM, Tom Eastep <teastep@shorewall.net> wrote:
> Actually, that is a poor idea; it is using a sledgehammer to swat a fly.
> You rather simply need to add the appropriate route using your
> distribution's network configuration tools and then add the necessary
> rules in Shorewall to allow the appropriate traffic.
>
> -Tom