From: Tom E. <te...@sh...> - 2002-10-17 13:09:07
Hugh McGuirk wrote:
>>
>> Three questions:
>>
>> a) Do VPN clients need to access the internet
>> through the Shorewall box?
>> b) Is z.z.z.0/24 a public subnetwork?
>> c) If so, is traffic from the internet destined for
>> z.z.z.0/24 routed through your firewall/VPN today?
>>
>> -Tom
>> --
>
> a) VPN clients don't need to access the internet, they
> just need to access the LAN, presumably through the
> Shorewall box.
>
> b) z.z.z.0/24 is the private RFC1918 address of the
> Client's LAN which gets tunneled through the VPN as
> far as our network.
>
> c) Clients at the other end of the VPN have their own
> direct access to the internet, so there is only
> routing between our LAN and the client's LAN.
>

Then this is just a simple routing problem. If you give eth2 a z.z.z.x/24
address, everything will "just work". Traffic from the VPN destined for a
host in LANA, LANB or LANC will be routed out eth0. Traffic from those LANs
for z.z.z.* will be routed out eth2.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924 \ te...@sh...