Hi all,

I have to add a problem here: Suppose I have to NAT for ISP1 and not for ISP2. Is there a way to do this? E.g. can I use the marks of the providers file to create MASQ rules for ISP1?

Regards,
Erwin

On Wednesday 05 December 2007, Tom Eastep wrote:
> On Wed, 2007-12-05 at 09:07 -0800, Tom Eastep wrote:
> > I always forget there is another factor here.
> >
> > Let's suppose you have the following:
> >
> >      ISP1            ISP2
> >     --------------------
> >     |    Firewall      |-- DMZ
> >     ---------------------
> >              LOC
> >
> > If you mark traffic from LOC in PREROUTING based on protocol and port,
> > then that traffic will be routed based on whether it will go to ISP1 or
> > ISP2. But suppose that it goes to the DMZ! So you need to include the
> > route to the DMZ in the routing tables for both ISP1 and ISP2. That is
> > independent of whether you use 'track' or not.
>
> Note that you could also add a routing rule in the 1000-1999 range,
> sending traffic to the DMZ address range through the main table (254). I
> do that here with my DMZ which has one system (206.124.146.177):
>
> #SOURCE    DEST                PROVIDER    PRIORITY
> -          206.124.146.177     254         1000
>
> -Tom

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
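The configuration below is an added illustration of the two points raised in this thread; it is not from the original post or from the Shorewall project. It assumes the Shorewall 3.x/4.x column layout of the providers, tcrules, rtrules and masq files, and uses constructed interface names (eth0 for ISP1, eth1 for ISP2, eth2 for the DMZ, eth3 for LOC) and constructed RFC 1918 addresses; only the 206.124.146.177 rtrules entry comes from Tom's message. The masq file is keyed by the interface the packet leaves through, so masquerading only on ISP1's interface gives NAT for ISP1 and none for ISP2 without referring to the provider marks at all, and the rtrules entry keeps DMZ-bound traffic out of the per-provider tables regardless of how it was marked.

```text
# /etc/shorewall/providers  (constructed example; column layout assumed)
# DMZ routes are made available in both provider tables via COPY, as Tom's
# first point requires, so marked traffic that is really DMZ-bound still
# finds the DMZ route when it is looked up in table 1 or 2.
#NAME   NUMBER  MARK  DUPLICATE  INTERFACE  GATEWAY        OPTIONS  COPY
ISP1    1       1     main       eth0       203.0.113.1    track    eth2
ISP2    2       2     main       eth1       198.51.100.1   track    eth2

# /etc/shorewall/tcrules  (constructed example)
# Mark in PREROUTING (":P") by protocol/port so the mark steers routing:
# HTTP from LOC -> ISP1 (mark 1), SMTP from LOC -> ISP2 (mark 2).
#MARK   SOURCE   DEST   PROTO  PORT(S)
1:P     eth3     -      tcp    80
2:P     eth3     -      tcp    25

# /etc/shorewall/rtrules  (second point in Tom's message)
# Priority 1000-1999 is consulted before the provider mark rules, so
# anything destined for the DMZ host uses the main table (254) even if the
# packet carries mark 1 or 2.
#SOURCE    DEST                PROVIDER    PRIORITY
-          206.124.146.177     254         1000

# /etc/shorewall/masq  (answers the NAT-for-ISP1-only question)
# The INTERFACE column is the OUTGOING interface. Listing only eth0 means
# LOC traffic leaving via ISP1 is masqueraded; traffic leaving via eth1
# (ISP2) keeps its original source address because no masq entry matches.
#INTERFACE   SOURCE          ADDRESS
eth0         192.168.1.0/24
```

A quick check after `shorewall restart` is `ip rule show`, where the priority-1000 rule for the DMZ address should appear above the mark-based `fwmark` rules, and `iptables -t nat -L POSTROUTING -v`, which should show MASQUERADE on eth0 only.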
