[Shorewall-users] Large number of SNAT'd addresses loads very
teastep at shorewall.net
Wed Dec 10 15:27:02 PST 2003
On Wednesday 10 December 2003 02:16 pm, you wrote:
> Tom -
> On Wednesday 10 December 2003 15:14, Tom Eastep wrote:
> > I'm saying to do that WITHOUT ADDING THE ADDRESSES to the tunnel
> > interface! I don't believe that they serve any purpose.
> > -Tom
> I've tried without adding the addresses. It doesn't work. The route table
> ends up looking something like this on our central VPN server:
Routes and aliases have *nothing* to do with one another:
a) Leave the routing the way it is.
b) Leave all NAT the way it is.
c) Just don't add the 100s of extra addresses to the tun* interface.
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep at shorewall.net
More information about the Shorewall-users