----- Original Message ----- From: "Mike Lander" <[EMAIL PROTECTED]> To: "Shorewall Users" <[email protected]> Sent: Thursday, August 30, 2007 1:32 PM Subject: Re: [Shorewall-users] Multi-Isp Masqerade ?
: Mike Lander wrote: : > Mike Lander wrote: : > : >> : /etc/shorewall/masq : >> : eth0 10.194.79.181 66.224.62.120 : >> : eth1 66.224.62.120 10.194.79.181 : >> : eth0 eth1 66.224.62.120 : >> : eth1 eth0 10.194.79.181 : > : > The last two entries appear to me to be totally silly. : > : > Please stop and think a minute about what those entries are asking the : > firewall to do. The first one says that "any traffic from a host with a : > route out of eth1 that is being forwarded out of eth0 should have its : > source : > address rewritten to 66.224.62.120". Why would any traffic be taking that : > path at all? The second rule is similar... : > : > Am I missing something? : > : > -Tom : > : > Well in the mulit-Isp setup this is the convention : > to take with two isp two nics FQip : > That is why I am confused on how to masq : > from loc to the net with one nic FQip 66.224.62.120 : > and the other fowarding to the gw 10.194.79.254 : > on the internal lan. My thought about the lan : > is not to masq at all, any ideas? : > But you answer sure make me think about : > it more clear. : : If there is a local LAN here, which interface is it connected to? All you : have shown us is eth0 and eth1 which appear to go to the two providers. : Please don't tell me that 'the LAN' is also accessed through one of those : interfaces.... : : -Tom : -- : Well I thought I could access both T-1's in this config in my previous : post, the admin led me to believe. : But as it turns out both these ISP's (two full T-1's are in seperate : buildings) : and connected by one run of Fiber. So Jerry seemed optimistic this config : would work as his does. : I have two nics in a test enviroment with the same setup at my place. : : eth0 66.224.62.120/27--gw 66.224.62.97 : eth1 10.194.79.181- gw 10.194.79.254 : I will send dump if you like. : : Mike : : Here is the dump Thanks Mike : : : : ------------------------------------------------------------------------- : This SF.net email is sponsored by: Splunk Inc. : Still grepping through log files to find problems? Stop. : Now Search log events and configuration files using AJAX and a browser. : Download your FREE copy of Splunk now >> http://get.splunk.com/ : _______________________________________________ : Shorewall-users mailing list : [email protected] : https://lists.sourceforge.net/lists/listinfo/shorewall-users :
dump.gz
Description: GNU Zip compressed data
------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
