Alohá!
Following problem:
I'm running FireHOL on a debian sarge and everything is great, I just
love the ease and precision of FireHOL, but I have an OpenVPN server
sitting in the DMZ on eth1 (using 10.1.4.0/24 as the tunnel subnet)
who's output coming from the VPN tunnels should be routed to the
intranet 10.1.1.0/24 on eth2 while the DMZ itself has a completely
different public /29. As the DMZ default gateway is the same machine
that routes the intranet there's no problem there.
The rule
router sphinx2i inface eth1 outface eth2 src "${vpn_ips}" dst
"${intranet_server_ips}"
server all accept
works fine except for the fact that the machine doesn't natively know
how to route 10.1.4.0/24 back to the OpenVPN server as none of it's
interfaces are within that subnet. Attaching a custom route to eth1 in
/etc/network/interfaces with
post-up "route add -net 10.1.4.0/24 gw <IP_OpenVPN_server>"
works - until FireHOL starts and somehow kills the custom route.
How can a route be set (inside /etc/firehol/firehol.conf or elsewhere)
for good, one that is persistent?
best regards and Thank You very much
Martin