replacing
/interfaces
- vpn1 tun+ optional
+ vpn1 tun1 optional
seems to fix the 'tun1 is disabled' problem
that, plus additionally changing
/shorewall.conf
- USE_DEFAULT_RT=Yes
+ USE_DEFAULT_RT=No
/providers (line 11)
- isp 1 - - EXT_IF detect
balance -
- vpn 2 - - tun1 10.0.0.1
fallback -
+ isp 1 - main EXT_IF detect
balance INT_IF
+ vpn 2 - main tun1 10.0.0.1
fallback INT_IF
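Review bot: both provider lines change the fourth and the last column at once (`-` to `main`, `-` to `INT_IF`), in the same pass as the USE_DEFAULT_RT=Yes to No switch in /shorewall.conf and the tun+ to tun1 pin in /interfaces, so the result cannot be attributed to any single edit. Suggest re-testing with each of the three changes reverted in turn and recording which one restores the external connection; that would also show whether USE_DEFAULT_RT=No is needed only because of the new provider columns or has an effect of its own.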
apparently fixes the can't-connect-from-external-host problem
after recompile/push
then at CLIENT
shorewall-lite restart
Restarting Shorewall Lite....
Initializing...
Processing init user exit ...
Processing tcclear user exit ...
Setting up Route Filtering...
Setting up Martian Logging...
Setting up Accept Source Routing...
Setting up Proxy ARP...
Adding Providers...
Preparing iptables-restore input...
Running /usr/sbin/iptables-restore...
IPv4 Forwarding Enabled
Processing start user exit ...
Processing started user exit ...
done.
shorewall-lite status -i
Shorewall Lite-4.6.2.2 Status at core - Sun Jul 27 19:06:45 PDT 2014
Shorewall Lite is running
State:Started (Sun Jul 27 19:06:10 PDT 2014) from /usr/local/etc/shorewall/client/ (/var/lib/shorewall-lite/firewall compiled by Shorewall version 4.6.2.2)
Interface eth0 is Enabled
Interface tun1 is Enabled
shorewall show routing
...
Table isp:
S.S.S.1 dev eth0 scope link src S.S.S.S
S.S.S.0/24 dev eth0 proto kernel scope link src S.S.S.S
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.100
169.254.0.0/16 dev eth0 scope link
default via S.S.S.1 dev eth0 src S.S.S.S
Table vpn:
10.0.0.1 dev tun1 scope link src 10.0.0.2
10.0.0.0/24 dev tun1 proto kernel scope link src 10.0.0.2
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.100
192.168.0.0/24 via 10.0.0.1 dev tun1
default via 10.0.0.1 dev tun1 src 10.0.0.2
AND, from external host, telnet now connects
telnet S.S.S.S 25
Trying S.S.S.S...
Connected to mx.mydomain.com.
Escape character is '^]'.
220 mx.mydomain.com ESMTP
and at SMTP
Jul 27 19:18:13 mx postfix/smtpd[24537]: connect from unknown[X.X.X.X]
(1) that's inbound, haven't tested outbound yet -- or actual mailing for that
matter
(2) WHY the problems occur without these ^^ changes is still open
(3) I don't yet understand what the effects of USE_DEFAULT_RT=Yes->No will be