Re: Defining static routes with FireHOL
Martin G.H. Minkler wrote:
Alohá!
Following problem:
I'm running FireHOL on Debian sarge and everything is great; I just
love the ease and precision of FireHOL. But I have an OpenVPN server
sitting in the DMZ on eth1 (using 10.1.4.0/24 as the tunnel subnet)
whose output coming from the VPN tunnels should be routed to the
intranet 10.1.1.0/24 on eth2, while the DMZ itself has a completely
different public /29. As the DMZ default gateway is the same machine
that routes the intranet, there's no problem there.
The rule
router sphinx2i inface eth1 outface eth2 src "${vpn_ips}" dst "${intranet_server_ips}"
    server all accept
works fine, except for the fact that the machine doesn't natively know
how to route 10.1.4.0/24 back to the OpenVPN server, as none of its
interfaces are within that subnet. Attaching a custom route to eth1 in
/etc/network/interfaces with
post-up "route add -net 10.1.4.0/24 gw <IP_OpenVPN_server>"
works - until FireHOL starts and somehow kills the custom route.
How can a route be set (inside /etc/firehol/firehol.conf or elsewhere)
for good, one that is persistent?
Best regards and thank you very much,
Martin
Hi Martin and debian-firewall,
I'm using something like "up /etc/openvpn/server1.up" in my openvpn
".conf" files.
The /etc/openvpn/server1.up is a file with
#!/bin/bash
# $5 is the fifth argument OpenVPN passes to an up script: the remote
# (peer) address of the tunnel interface, used here as the gateway.
/sbin/route add -net 10.1.4.0 netmask 255.255.255.0 gw $5
in it. Make sure that /etc/openvpn/server1.up is executable.
This will make OpenVPN dynamically set the routing when it starts, and
remove the routing when it stops.
Works for me, also with firehol.
Regards,
Fred
http://linox.be
--
Frederik Rousseau
L I N U X .~. CM Electronics bvba
The Choice /V\ 0032 3 457 85 67
of a GNU /( )\ Duffelse steenweg 146
Generation ^^-^^ 2550 Kontich - BELGIUM
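For readers who want to build on Fred's up-script approach, here is an added example (not code from Fred's or Martin's posts, and not part of OpenVPN or FireHOL) of a combined OpenVPN up/down hook. It assumes the tunnel subnet 10.1.4.0/24 from the thread, uses ip(8) instead of the route(8) command Fred used, and checks that the gateway argument OpenVPN hands in as $5 really is an IPv4 address before it reaches a command that runs as root. The `script_type` environment variable and the positional-argument order are OpenVPN's documented hook interface; the helper names are this example's own.

```sh
#!/bin/sh
# Added example, not from Fred's or Martin's posts: an OpenVPN "up"/"down"
# hook in the spirit of /etc/openvpn/server1.up, written for ip(8) instead of
# route(8) and with the gateway argument checked before it is handed to a
# command that runs as root.
#
# OpenVPN invokes the hook as:
#   script tun_dev tun_mtu link_mtu ifconfig_local_ip ifconfig_remote_ip [init|restart]
# so "$5" is the tunnel peer address (the "gw $5" in Fred's script), and the
# environment variable script_type is "up" or "down".

VPN_NET="10.1.4.0/24"   # tunnel subnet from the thread; adjust to your setup

# is_ipv4 ADDR: succeed only for a dotted quad whose octets are all 0-255.
# Runs in a subshell so changing IFS and the positional parameters is local.
is_ipv4() (
  case "$1" in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  IFS=.
  set -- $1
  [ $# -eq 4 ] || return 1
  for octet; do
    [ "$octet" -le 255 ] || return 1
  done
  return 0
)

# build_route_cmd ACTION GW: print the ip(8) command for ACTION (up|down),
# or fail without printing anything if GW is not a plain IPv4 address.
build_route_cmd() {
  action="$1"
  gw="$2"
  is_ipv4 "$gw" || return 1
  case "$action" in
    up)   printf 'ip route replace %s via %s\n' "$VPN_NET" "$gw" ;;
    down) printf 'ip route del %s via %s\n' "$VPN_NET" "$gw" ;;
    *)    return 1 ;;
  esac
}

# Only act when OpenVPN called us (the peer address is in $5); running the
# file by hand with no arguments does nothing.
if [ -n "${5:-}" ]; then
  if cmd=$(build_route_cmd "${script_type:-up}" "$5"); then
    $cmd   # word splitting is intended: every token was built from checked input
  else
    echo "$0: refusing to touch routes, bad gateway argument '$5'" >&2
    exit 1
  fi
fi
```

Point both `up` and `down` in the OpenVPN .conf at this one file (and keep `script-security` high enough for scripts to run); `ip route replace` makes a restart harmless when the route already exists, and the `down` branch removes it again so nothing stale is left behind when the tunnel goes away.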