[Shorewall-users] Large number of SNAT'd addresses loads very
teastep at shorewall.net
Wed Dec 10 13:14:03 PST 2003
On Wednesday 10 December 2003 01:09 pm, Clint Miller wrote:
> Tom -
> On Wednesday 10 December 2003 11:14, Tom Eastep wrote:
> > I'm absolutely speechless that someone would even dream of adding that
> > many addresses to an interface.
> > Given that this is a tunnel and there are no ARP or broadcast issues
> > involved, I don't see any need to add the addresses at all. Have you
> > tried it without doing that?
> > -Tom
> It works flawlessly without adding the addresses, except...
> we have a set of LANs that we need to put on our VPN whose internal
> addresses clash with other LANs in our VPN. In order to route between the
> two we attach these VPN-friendly addresses to the tunnel interface. Then we
> can add routes between the new NAT'd LAN and the rest of the VPN. The
> result is
> can route between one another.
I'm saying to do that WITHOUT ADDING THE ADDRESSES to the tunnel interface! I
don't believe that they serve any purpose.
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep at shorewall.net