Keith Mitchell wrote: > I'm trying to connect a branch office to my main office. > > I have data and voice that need to flow between the branch office and > the main one. > > I have a VPN setup for the data, and a dedicated fiber trunk between the > two offices. > > I thought I'd try to use the Multi-ISP setup to help segment the > traffic, but I have run into a stupid. > > eth1 - 10.253.0.1 eth3 - > 10.253.0.254 eth0 > /-----------------------\ eth0 > 192.168.1.1/24 --- Office A - - Office B --- > 10.254.0.1/24 > \---------vpn-----------/ > eth2 eth2 > > Shorewall is working in both offices, as well as the VPN. I can ping > across the VPN between the offices as well. > > I can also ping bi-laterally between eth1 in Office A and eth3 in Office B. > > I cannot, however, ping the private subnets in either office through the > fiber tunnel, although (I think) I have the masq files setup correctly > on both sides. I don't see errors in the syslog when I try this ping, > which leads me to a routing or masq error, but I've tried several > different stabs at the masq and tc* files, as well as static routes in > an attempt to overcome the error. > > I know I'm doing it wrong. I probably also know after getting this far > into it that this may not be the best way to flow this traffic. > > I've attached shorewall dumps from both sides of the tunnel(s). If > someone could point me in the right direction, I'd greatly appreciate > it, as I have no local binar speakers I can bounce this off of.
The attached archive is corrupted so there are no dumps to look at. Also, given your above description (with mangled ASCII art), I don't understand how you thought that Multi-ISP would help you. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
