On September 1, 2009 02:36:15 pm Bill Strosberg wrote:
> All:
>
> It's been years since I posted here. I've got a situation that I could
> use some help on.
>
> I've got a client who is doing some interesting things. I've got a
> firewall with four Ethernet interfaces in that connects to the Internet
> via PPPoE.
>
> eth0 - Internal private network
> eth1 - Public wireless network for their clients and visitor use
> eth2 - connection to DSL via PPPoE
> eth3 - connection to internal VOIP system (use for failover if dedicated
>        VOIP internet connection fails)
> tun0 - OpenVPN
> ppp0 - External connection
>
> Everything has worked fine in this site for years. The client recently
> decided to move to a VOIP system for their internal phones, and it has
> its own Internet connection to the provider. The VOIP provider's
> proprietary router has an Ethernet interface to allow failover
> connection to a secondary provider if their own network fails.
>
> eth3 is set up as static 10.20.0.2/255.255.0.0/16 with the external
> Ethernet interface on the VOIP router (10.20.0.1) as the default gateway
> on the network.
>
> I've set up iproute2 to add a new table in /etc/iproute2/rt_tables:
>
> 100 voip_provider
> 255 local
> 254 main
> 253 default
>
> In /etc/network I've added a script if-post-up-eth3.sh:
>
> ip rule add from 222.88.20.0/24 table voip_provider
> ip rule add from 222.88.21.0/24 table voip_provider
> ip rule add from 222.88.22.0/24 table voip_provider
> ip route add default via 10.20.0.1 dev eth3 table voip_provider
> ip route flush cache
>
> ip masq is working for eth3.
>
> I can connect a PC on the eth3 10.20.0.0/16 network and it has no
> problem surfing etc.
>
> What I want to do is have packets from all of the specified external
> subnets routed out of the firewall to the address 10.20.0.1 on eth3.
> Basically, all external traffic from these source address ranges needs to
> be forwarded to the VOIP provider's router, with no exception.
>
> Any ideas?
>
> --
> Bill S
>

Bill, I sent a reply but I used the wrong email address. Did you solve your issue?

--
Bruce Harding, Member: IEEE, SPIE, IACR
Manager, Computer Books for Less
210 Bank St.
Ottawa ON K2P 1W2
Phone: 613-233-7357
Fax: 613-233-6823