Shorewall and static routing?

Kenneth Burgener kenneth at
Sun Aug 12 19:32:00 MDT 2007

Kenneth Burgener wrote:
> Hello, and thanks in advance for any suggestions.  I switched from a
> dumb DSL modem doing my firewall and routing to a powerful Linux server
> with shorewall (iptables frontend), but I have a small issue with static
> routing for my openvpn.  I was hoping someone might be able to shed some
> light on this issue that kept me up all last night.  I have everything
> working and more than I did with the dumb DSL modem, with the exception
> of the static routing.
> Summary question:
> How do you get shorewall to do a static route?
> I watch the message log, and it does not appear that shorewall is
> dropping any connections, so it appears that I am just doing the routing
> wrong.
> Any suggestions?  This all worked with a simple DSL modem, so this
> should work with a powerful Linux router, right?

Here is an update on what I think is happening, and why I think it is
routing or shorewall that is the cause...

If I manually add a static route for the "VPN" network to one of the
machines on the network, I can access that machine over the VPN fine.
If I don't have the static route on the machine, it fails.  What used to
happen, from my understanding, is the request would hit the machine, but
as there was no route prelisted in the routing tables, it would be
routed to the default gateway.  The old gateway, the DSL modem, had a
static route that would route this traffic back to the VPN server.  The
new default gateway, the Linux server, should be mimicking what the old
DSL modem did, as far as static routing, and as far as I can tell from
tcpdump, it does appear to be forwarding the traffic on.  But the
request isn't being processed by the VPN server, so it appears that the
request was lost into the void.

Any thoughts?  Suggestions?

