Amazing, and here I thought I had missed something and needed more config files to make this happen -- thanks a million! It works with the ping test no problem.
Now, for the last part. I would like to have all traffic from the user "deluge" to be routed over OpenVPN via tun0, but all other traffic over the ISP via eth0. I have this in my tcrules file:

#MARK    SOURCE  DEST       PROTO  DEST     SOURCE   USER    TEST  LENGTH  TOS  CONNBYTES  HELPER
#                                  PORT(S)  PORT(S)
0x200:T  $FW     0.0.0.0/0  -      -        -        deluge

But, it appears that it does not re-route packets as required.

Best Regards,
Tyler

On 3 July 2011 13:31, Tom Eastep <[email protected]> wrote:
>
> On Jul 2, 2011, at 10:28 PM, Tyler Walters wrote:
>
>> Hello,
>>
>> I have a server with 5 public facing ips, and one OpenVPN tun
>> connection. The 5 ips are all from the same provider and face the same
>> gateway. I would eventually like to route all of one user's traffic to
>> and from the VPN while leaving the rest of the server's traffic
>> untouched. There is no local lan, and the firewall is also the server
>> -- everything resides on $FW.
>>
>> I have tried this from a number of angles, so I set up a VMWare machine
>> to run a limited test before migrating it to the full scale server. I
>> am testing using "ping -I tun0 google.ca" and "ping google.ca", where
>> the first one should route to and from tun0 only, and the second to
>> and from eth0 only (by default). tun0 will always be assigned the
>> static ip of 10.88.0.6 and eth0 always 192.168.217.128. The tunnel has
>> been successfully tested and monitored using tshark on both ends of the
>> tunnel, and on all interfaces (both tun* and eth* at each side). Below
>> is version information, the commands that successfully work WITHOUT
>> shorewall being installed at all, and attached is a dump of all config
>> files as well as a "shorewall dump". Thanks for your help, hopefully
>> this is easier than I find it to be thus far.
>
> Don't use either the route_rules or routes file and simply put this in your
> /etc/shorewall/providers:
>
> #PROVIDER  NUMBER  MARK  DUPLICATE  INTERFACE  GATEWAY        OPTIONS        COPY
> ISP        1       -     main       eth0       192.168.217.2  track,balance  none
> VPN        2       -     main       tun0       10.88.0.5      -              none
>
> That's it!
>
> -Tom
> Tom Eastep        \ When I die, I want to go like my Grandfather who
> Shoreline,         \ died peacefully in his sleep. Not screaming like
> Washington, USA     \ all of the passengers in his car
> http://shorewall.net \________________________________________________
>
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
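
Added example, not part of the thread and not the commands Tyler refers to: the kernel-level pieces that per-user routing over the VPN relies on, written as plain iptables/iproute2 commands rather than Shorewall configuration. The user, mark, interface and peer address are taken from the messages above; routing table 2 (mirroring the VPN provider NUMBER), the rule priority and the fail-closed rules are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: prints the commands without running them, so it is safe to
# execute unprivileged. Review the output, then pipe it to "sh" as root.

vpn_user_rules() {
    user=$1 mark=$2 table=$3 dev=$4 gw=$5
    cat <<EOF
# 1. Mark packets generated locally by the user. The owner match is only
#    valid for locally generated traffic, hence the mangle OUTPUT chain.
iptables -t mangle -A OUTPUT -m owner --uid-owner $user -j MARK --set-mark $mark
# 2. Marked packets use a separate routing table whose default is the tunnel.
ip rule add fwmark $mark table $table priority 1000
ip route replace default via $gw dev $dev table $table
# 3. The source address was picked before the mark forced a re-route, so
#    rewrite it to the tunnel address on the way out.
iptables -t nat -A POSTROUTING -o $dev -m mark --mark $mark -j MASQUERADE
# 4. Replies arrive on the tunnel although the main table points at the ISP;
#    loose reverse-path filtering keeps them from being dropped.
sysctl -w net.ipv4.conf.$dev.rp_filter=2
# 5. Fail closed: if the tunnel goes down, the lookup falls back to the main
#    table and the traffic would leave via the ISP. Reject it instead,
#    while still allowing the user's loopback traffic.
iptables -A OUTPUT -m owner --uid-owner $user -o lo -j ACCEPT
iptables -A OUTPUT -m owner --uid-owner $user ! -o $dev -j REJECT
# Check the routing decision for a marked packet (192.0.2.1 is a
# documentation address used as a sample destination):
#   ip route get 192.0.2.1 mark $mark
EOF
}

# Values from the thread; table 2 is an assumption.
vpn_user_rules deluge 0x200 2 tun0 10.88.0.5
```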
