[Shorewall-users] Question about MASQ/VPN/One Interface Setup

Tom Eastep teastep at shorewall.net
Tue Oct 14 16:32:15 PDT 2003

On Tue, 2003-10-14 at 15:14, Westerhold, Axel wrote:

> If this means to force routing on the Suns, well, if needed I will do
> it. I was just wondering if there is any way to use the non-RFC IP of my
> Linux FW.

You may be able to define the routes on the CheckPoint and have it send
ICMP redirects to the SUNs when they try to route VPN traffic through
the CheckPoint.

People often do that with Shorewall Boxen judging by the frequency with
which people ask why it's not working right :-) (usually setting the
'routeback' and 'newnotsyn' options on the local interface gets them

Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net

