Brian J. Murrell wrote:
>
> It seems it's a bit of a perversion of providers, but would it be much
> of a perversion? Would it be as simple as pointing to the other gateway's
> internal address as the 2nd provider, as if it were the IP of the other
> provider?
>

Yes. You would also need to set the 'routeback' option on both routers' internal interface.

Regardless of whether you use Shorewall providers, you probably want to monitor the conntrack table usage. That is because your routing will be asymmetric; both routers will be trying to track connections redirected from one to the other. Note that only the destination router will have complete conntrack entries since the redirecting router will only handle traffic in the outbound direction.

You will also want to set /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_be_liberal and /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_loose to avoid tcp packets being dropped as invalid by Netfilter connection tracking.

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA    \ [EMAIL PROTECTED]
PGP Public Key    \ https://lists.shorewall.net/teastep.pgp.key
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
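Added example (not part of the original message and not Shorewall code): shell functions to run on each router that report conntrack table usage and apply the two TCP tracking settings named in the reply above. The ip_conntrack_count and ip_conntrack_max files, the nf_conntrack_* fallback names, the 80% threshold and the values written are assumptions; both settings make connection tracking less strict about what it accepts as valid TCP, so keep them limited to the routers that actually see one-sided flows.

```shell
# Added example: conntrack checks for the asymmetric two-router setup.
# Assumed names: legacy ip_conntrack_* files first, then nf_conntrack_* on newer kernels.

# Print the path prefix of the conntrack sysctl files under $1 (default /proc/sys).
ct_prefix() {
    root=${1:-/proc/sys}
    for d in "$root/net/ipv4/netfilter" "$root/net/netfilter"; do
        for p in ip_conntrack nf_conntrack; do
            if [ -r "$d/${p}_count" ]; then
                echo "$d/$p"
                return 0
            fi
        done
    done
    return 1
}

# Print conntrack table usage as an integer percentage of the maximum.
ct_usage_pct() {
    base=$(ct_prefix "$1") || return 1
    count=$(cat "${base}_count")
    max=$(cat "${base}_max")
    [ "$max" -gt 0 ] || return 1
    echo $(( count * 100 / max ))
}

# Return 0 while usage is below threshold $2 (default 80), 2 once it is reached.
ct_check() {
    pct=$(ct_usage_pct "$1") || return 1
    if [ "$pct" -ge "${2:-80}" ]; then
        echo "WARNING: conntrack table ${pct}% full" >&2
        return 2
    fi
    echo "conntrack table ${pct}% full"
}

# Turn on tcp_be_liberal and make sure tcp_loose is enabled (needs root on a real host).
ct_relax_tcp() {
    base=$(ct_prefix "$1") || return 1
    echo 1 > "${base}_tcp_be_liberal" || return 1
    # Assumption: any non-zero tcp_loose allows mid-stream pickup, so only a 0 is changed.
    if [ "$(cat "${base}_tcp_loose")" -eq 0 ]; then
        echo 1 > "${base}_tcp_loose" || return 1
    fi
}
```

Calling `ct_check` with no arguments reads the live /proc/sys tree; the optional first argument exists so the functions can be exercised against a copy of those files.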
