[Firehol-support] Help configuring additional gateway

Marcus Williams marcus at quintic.co.uk
Tue Dec 6 12:17:27 GMT 2005

Hi -

Up to now, our network has been fairly standard SOHO - single gateway, 
two eth interfaces (intranet and internet). We use a simple 
configuration like:

# The network of our eth0 LAN.

interface eth0 dhcp
   policy return
   server dhcp accept

interface eth0 home src "${home_ips}"
   policy reject
   server "dns ssh icmp" accept
   client "dns icmp" accept

interface eth1 internet src not "${home_ips} ${UNROUTABLE_IPS}"
   server ident reject with tcp-reset
   client all accept

router internet2home inface eth1 outface eth0
   masquerade reverse
   client all accept
   server ident reject with tcp-reset

My route table looks like:

> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
>     *        U     0      0        0 eth1
> localnet        *        U     0      0        0 eth0
> default         UG    0      0        0 eth1

However... now we've added a VPN gateway to the intranet so theres a new 
route on our main gateway:

>     vpn   UG    0      0        0 eth0

So all requests to 192.0.200.x need to be routed through the vpn host 
(which is on the intranet). How do I support this in the firehol 



Marcus Williams -- http://www.cad-schroer.co.uk
CAD Schroer UK, 39 Newnham Road, Cambridge, UK

More information about the Firehol-support mailing list