Shorewall 1.1 IPIP Tunnels
Warning: IPIP tunnels are insecure when used over the Internet; use them at your own risk.

IPIP tunneling with Shorewall requires iproute2 and can be used to bridge two masqueraded networks.

Bridging two Masqueraded Networks

Suppose that we have the following situation:

We want systems in the 192.168.1.0/24 subnetwork to be able to communicate with the systems in the 10.0.0.0/8 network. This is accomplished through use of the /etc/shorewall/tunnels file, the /etc/shorewall/policy file and the /etc/shorewall/tunnel script that is included with Shorewall.

On system A, the 10.0.0.0/8 network will comprise the gw zone. In /etc/shorewall/interfaces:
In /etc/shorewall/tunnels on system A, we need the following:
In the tunnel script on system A:
Similarly, on system B, the 192.168.1.0/24 subnet will comprise the gw zone. In /etc/shorewall/interfaces:
In /etc/shorewall/tunnels on system B, we have:
And in the tunnel script on system B:
You can rename the modified tunnel scripts if you like; be sure that they are secured so that root can execute them. On both systems, restart Shorewall and run the modified tunnel script with the "start" argument. The systems in the two masqueraded subnetworks can now talk to each other.

Updated 6/23/2001 - Tom Eastep