On 7/25/2014 2:02 PM, [email protected] wrote: > On Fri, Jul 25, 2014, at 01:52 PM, Tom Eastep wrote: >> If you can't get it sorted, please send another dump of the CLIENT; this >> time as a compressed attachment so I can load it into an editor. > > I'll see if I can get anywhere, and if not, send the attachment. > > I've verified that, at CLIENT, I'm starting now with > > /zones > fw firewall > net ipv4 > lan ipv4 > vpn1 ipv4 > > /interfaces > net EXT_IF > physical=eth0,tcpflags,nosmurfs,logmartians=1,sourceroute=0 > lan INT_IF physical=eth1,logmartians=1 > vpn1 tun+ -
You will want to add 'optional' as an option for vpn1 -- otherwise, Shorewall won't start if the VPN is down. > > /providers > isp 1 - main eth0 detect > balance - > vpn 2 - main tun1 detect > fallback - > > /mangle > MARK(2):P eth1 - tcp 25 > > /rules > ... > # MAIL > ACCEPT vpn1 lan:192.168.1.7 tcp 25,587 I thought that the server was 192.168.1.2. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Want fast and easy access to all the code in your enterprise? Index and search up to 200,000 lines of code with a free copy of Black Duck Code Sight - the same software that powers the world's largest code search on Ohloh, the Black Duck Open Hub! Try it now. http://p.sf.net/sfu/bds
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
