Hi,

First off, thanks a lot for making shorewall - it is a fantastic piece of software!

I have a connection to the internet (talktalk) and an openvpn connection to a provider that uses redirect-gateway def1 to add entries to the main routing table to make traffic go via the VPN. Generally all traffic is routed over the openvpn connection, but traffic to some destinations and from some sources is routed directly via the ISP.

Currently I have USE_DEFAULT_RT=No set in shorewall.conf. I then have an entry in providers as follows (where the external IP of my internet connection has been replaced with my.external.ip):

    TT 2 2 main enp5s5f1 my.external.ip track wlp5s6,wlp5s6_0,enp5s5f0,virbr1,tun1,tun3

My openvpn connection uses tun4 as an interface.

In mangle, I have several entries to tell certain traffic to go via the ISP. Here is an example of one of the entries:

    MARK(2):P 192.168.4.11 0.0.0.0/0

This particular entry sends all traffic from 192.168.4.11 directly out through my ISP rather than via the openvpn connection.

This configuration works fairly well, but I would like to be able to set USE_DEFAULT_RT=Yes in shorewall.conf. However, so far, no matter what I do, I can't seem to get the configuration right for this to work in the way I want.

Any ideas on how this can be done?

Many thanks,
Ben