[Firehol-support] Help configuring additional gateway

Carlos Rodrigues cefrodrigues at mail.telepac.pt
Tue Dec 6 19:57:45 GMT 2005


So, the packets going to the vpn gateway come in from the local
network and then must go out to the local network again?

If so, you can add:

router home2home inface eth0 outface eth0
  client all accept
  server all accept


On 12/6/05, Marcus Williams <marcus at quintic.co.uk> wrote:
> Hi -
>
> Up to now, our network has been fairly standard SOHO - single gateway,
> two eth interfaces (intranet and internet). We use a simple
> configuration like:
>
> # The network of our eth0 LAN.
> home_ips="192.168.202.0/24"
>
> interface eth0 dhcp
>    policy return
>    server dhcp accept
>
> interface eth0 home src "${home_ips}"
>    policy reject
>    server "dns ssh icmp" accept
>    client "dns icmp" accept
>
> interface eth1 internet src not "${home_ips} ${UNROUTABLE_IPS}"
>    server ident reject with tcp-reset
>    client all accept
>
> router internet2home inface eth1 outface eth0
>    masquerade reverse
>    client all accept
>    server ident reject with tcp-reset
> # EOF
>
> My route table looks like:
>
> > Kernel IP routing table
> > Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> > 192.168.1.0     *               255.255.255.0   U     0      0        0 eth1
> > localnet        *               255.255.255.0   U     0      0        0 eth0
> > default         192.168.1.1     0.0.0.0         UG    0      0        0 eth1
>
> However... now we've added a VPN gateway to the intranet so there's a new
> route on our main gateway:
>
> > 192.9.200.0     vpn          255.255.255.0   UG    0      0        0 eth0
>
> So all requests to 192.0.200.x need to be routed through the vpn host
> (which is on the intranet). How do I support this in the firehol
> configuration?
>
> Thanks
>
> Marcus
>
> --
> Marcus Williams -- http://www.cad-schroer.co.uk
> CAD Schroer UK, 39 Newnham Road, Cambridge, UK


--
Carlos Rodrigues

http://tudo-sobre-nada.blogspot.com



