[Shorewall-users] Large number of SNAT'd addresses loads
venkatesh at cbayscribe.com
Sun Dec 21 12:48:07 PST 2003
I have a smiliar setup where I need to SNAT each subscribers private ip(s)
to one single public IP address. I was using Shorewall with the above setup
with 3 class "C" pools configured onto one single dummy interface.
But, the IP address(s) are added to dummy interface by a custom script.
----- Original Message -----
From: "Tom Eastep" <teastep at shorewall.net>
To: "Clint Miller" <cmiller at tigerbyte.com>
Cc: "Shorewall Users" <shorewall-users at lists.shorewall.net>
Sent: Thursday, December 11, 2003 4:57 AM
Subject: Re: [Shorewall-users] Large number of SNAT'd addresses loads
> On Wednesday 10 December 2003 02:16 pm, you wrote:
> > Tom -
> > On Wednesday 10 December 2003 15:14, Tom Eastep wrote:
> > > I'm saying to do that WITHOUT ADDING THE ADDRESSES to the tunnel
> > > interface! I don't believe that they serve any purpose.
> > >
> > > -Tom
> > I've tried without adding the addresses. It doesn't work. The route
> > ends up looking something like this on our central VPN server:
> Routes and aliases have *nothing* to do with one another:
> a) Leave the routing the way it is.
> b) Leave all NAT the way it is.
> c) Just don't add the 100s of extra addresses to the tun* interface.
> Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
> Shoreline, \ http://shorewall.net
> Washington USA \ teastep at shorewall.net
> Shorewall-users mailing list
> Post: Shorewall-users at lists.shorewall.net
> Support: http://www.shorewall.net/support.htm
> FAQ: http://www.shorewall.net/FAQ.htm
More information about the Shorewall-users