Hi
DHCP is running on the Linux CentOS 4 server and has both gateways set up:
10.10.11.7
10.10.11.8
I have 2 ADSL lines. A software firewall (Smoothwall) runs with IP 10.10.11.8 internal NIC and 192.168.0.2 external NIC which is connected to ADSL 1.
ADSL 2 has IP 10.10.11.7 and is using dynamic DNS to establish a VPN connection.
I am routing traffic from local LAN 10.10.11.0/24 to remote 10.10.10.0/24. This route works.
The second routing setup needs to redirect/forward Internet traffic to the firewall on 10.10.11.8 to save bandwidth on the VPN connection. How do I do this?
Is there a configuration/syntax error somewhere?
Here is my dhcpd.conf and iptables configuration:
ddns-update-style interim;
ignore client-updates;

subnet 10.10.11.0 netmask 255.255.255.0 {
    # --- default gateway
    # Clients take the first address as their default route; the second is
    # only a fallback if the first is unreachable, not a per-destination policy.
    option routers 10.10.11.7,10.10.11.8;
    option subnet-mask 255.255.255.0;
    option nis-domain "christo.co.za";
    option domain-name "christo.co.za";
    option domain-name-servers 10.10.11.5;
    option time-offset -18000; # Eastern Standard Time
    # option ntp-servers 10.10.11.5;
    # option netbios-name-servers 10.10.11.5;
    # --- Selects point-to-point node (default is hybrid). Don't change this unless
    # -- you understand Netbios very well
    # option netbios-node-type 2;
    range dynamic-bootp 10.10.11.40 10.10.11.200;
    default-lease-time 21600;
    max-lease-time 43200;

    # we want the nameserver to appear at a fixed address
    # (stock host entry from the CentOS sample dhcpd.conf; its fixed-address
    # is not in 10.10.11.0/24, so it never applies on this subnet)
    host ns {
        next-server marvin.redhat.com;
        hardware ethernet 12:34:56:78:AB:CD;
        fixed-address 207.175.42.254;
    }
}
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8585 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 1352 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 110 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 143 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5901 -j ACCEPT
# Note: the two FORWARD rules below are appended after "-A FORWARD -j RH-Firewall-1-INPUT",
# and that chain ends in an unconditional REJECT, so they are never evaluated.
-A FORWARD -s 10.10.11.0/24 -d 10.10.10.0/24 -p tcp -j ACCEPT
# was "-p tcp 80": a port must be given with --dport, or iptables-restore rejects the file
-A FORWARD -s 10.10.11.0/24 -d 10.10.11.8 -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp --dport 80 -d 10.10.11.8 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
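Two things in the iptables dump above can be checked mechanically: rules appended to FORWARD after the unconditional jump into RH-Firewall-1-INPUT are dead, because that chain ends in an unconditional REJECT and never returns, and a port written as "-p tcp 80" without --dport is not valid iptables-restore syntax. The Python linter below is an added example, not part of the post; SAMPLE is a constructed excerpt modelled on the posted *filter table with the bare-port form kept deliberately, and the unconditional-rule test assumes iptables-save's convention that match options precede -j.

```python
import shlex
TERMINAL = {"ACCEPT", "DROP", "REJECT"}
# Constructed excerpt modelled on the posted *filter table; the long --dport list is omitted.
SAMPLE = """\
*filter
:FORWARD ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
-A FORWARD -s 10.10.11.0/24 -d 10.10.10.0/24 -p tcp -j ACCEPT
-A FORWARD -s 10.10.11.0/24 -d 10.10.11.8 -p tcp 80 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def parse(dump):
    """Return {chain: [(rule_text, tokens), ...]} in file order for one table."""
    chains = {}
    for line in (l.strip() for l in dump.splitlines()):
        if line.startswith(":"):
            chains.setdefault(line[1:].split()[0], [])
        elif line.startswith("-A "):
            toks = shlex.split(line)
            chains.setdefault(toks[1], []).append((line, toks))
    return chains

def is_unconditional(toks):
    # iptables-save writes matches before -j, so "-A <chain> -j ..." matches every packet
    return len(toks) >= 4 and toks[2] == "-j"

def always_terminates(chains, chain, seen=()):
    """True if every packet entering `chain` is guaranteed a final verdict."""
    if chain in seen:  # guard against jump loops in a not-yet-loaded file
        return False
    for _, toks in chains.get(chain, []):
        if is_unconditional(toks) and (toks[3] in TERMINAL
                                       or always_terminates(chains, toks[3], seen + (chain,))):
            return True
    return False

def lint(dump):
    """Return [(kind, rule_text)] for unreachable rules and bare port numbers."""
    chains, findings = parse(dump), []
    for rules in chains.values():
        dead = False
        for text, toks in rules:
            if dead:
                findings.append(("unreachable", text))
            if any(toks[i] == "-p" and toks[i + 2].isdigit() for i in range(len(toks) - 2)):
                findings.append(("bad-port-syntax", text))  # e.g. "-p tcp 80": no --dport
            if is_unconditional(toks) and (toks[3] in TERMINAL or always_terminates(chains, toks[3])):
                dead = True  # rules appended after this point are never evaluated
    return findings
```

Running lint(SAMPLE) reports both FORWARD rules after the jump as unreachable and the second one additionally for bad port syntax; removing the jump line from the sample leaves only the syntax finding.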