On Jul 3, 2011, at 10:31 AM, Tom Eastep wrote:

> On Jul 2, 2011, at 10:28 PM, Tyler Walters wrote:
>
>> Hello,
>>
>> I have a server with 5 public facing ips, and one OpenVPN tun
>> connection. The 5 ips are all from the same provider and face the same
>> gateway. I would eventually like to route all of one user's traffic to
>> and from the VPN while leaving the rest of the server's traffic
>> untouched. There is no local lan, and the firewall is also the server
>> -- everything resides on $FW.
>>
>> I have tried this from a number of angles, so I set up a VMWare machine
>> to run a limited test before migrating it to the full scale server. I
>> am testing using "ping -I tun0 google.ca" and "ping google.ca", where
>> the first one should route to and from tun0 only, and the second to
>> and from eth0 only (by default). tun0 will always be assigned the
>> static ip of 10.88.0.6 and eth0 always 192.168.217.128. The tunnel has
>> been successfully tested and monitored using tshark on both ends of the
>> tunnel, and on all interfaces (both tun* and eth* at each side). Below
>> is version information, the commands that successfully work WITHOUT
>> shorewall being installed at all, and attached is a dump of all config
>> files as well as a "shorewall dump". Thanks for your help, hopefully
>> this is easier than I find it to be thus far.
>
> Don't use either the route_rules or routes file and simply put this in your
> /etc/shorewall/providers:
>
> #PROVIDER  NUMBER  MARK  DUPLICATE  INTERFACE  GATEWAY        OPTIONS        COPY
> ISP        1       -     main       eth0       192.168.217.2  track,balance  none
> VPN        2       -     main       tun0       10.88.0.5      -              none
>

You probably want 'track' on VPN as well -- sorry for the omission.

-Tom

Tom Eastep           \ When I die, I want to go like my Grandfather who
Shoreline,           \ died peacefully in his sleep. Not screaming like
Washington, USA      \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users