On 9/26/2015 2:33 PM, Tom Eastep wrote: > On 9/26/2015 11:50 AM, Brian J. Murrell wrote: >> On Sat, 2015-09-26 at 19:30 +0100, Simon Hobson wrote: >>> Brian J. Murrell <br...@interlinx.bc.ca> wrote: >>> >>>> ... there doesn't seem to be any mechanism in place in >>>> Shorewall to ensure that packets from the LAN with a source IP >>>> address >>>> in ISP A's address space are actually directed out of the ISP A >>>> interface. >>> >>> http://www.shorewall.net/manpages6/shorewall6-providers.html >> >> Thanks. I'm well aware of the manpage and read it before coming here. >> So what did I miss in there that specifically directs the creation of >> "ip -6 rule"s forcing the source addresses used by LAN clients out via >> the providers' interface? > > Here is the way that I do it. My LAN has addresses in network > 2001:470:b:787::/64.
And my DMZ has addresses in network 2001:470:b:227::/64. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
