* Tom Eastep wrote:
> Adam Niedzwiedzki wrote:
>
>>
>> This is the issue, how can I set up shorewall to allow the "realservers"
>> access to the internet, if it is shorewall that I should be trying to make
>> this happen with.
>>
>> Should I MASQ eth2 in shorewall?
>
> Yes. That or run a proxy on the Shorewall box.

Yep

>
>> Will this then break LVS-NAT doing the masq on the incoming stuff?
>
> I shouldn't think so.
>

No, that's what we do.

Shorewall masqing all other interfaces / internal nets through our internet interface. LVS masqing incoming traffic from the internet to our realservers.

The only trouble we had was forgetting to put an ACCEPT rule in net to fw for the ports handled by LVS. :-)

Other than that, it has worked solid for over two years. We haven't even had to mess with fwmark.
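The missing net-to-fw ACCEPT rule mentioned in the reply can be caught with a quick cross-check of the LVS virtual services against the Shorewall rules file. This is an added example, not part of the original thread: the `ipvsadm -Ln` output and rules content are constructed samples, and it assumes zones named `net` and `$FW`/`fw`, numeric ports, and plain ACCEPT rules (no macros, no source-restricted entries).

```python
import re
# Constructed sample of `ipvsadm -Ln` output on the LVS-NAT director.
IPVSADM_OUTPUT = """\
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.0.2.10:80 rr
  -> 10.0.0.11:80                 Masq    1      0          0
TCP  192.0.2.10:443 rr
  -> 10.0.0.11:443                Masq    1      0          0
UDP  192.0.2.10:53 rr
  -> 10.0.0.12:53                 Masq    1      0          0
"""
# Constructed sample of /etc/shorewall/rules: ACTION SOURCE DEST PROTO DPORT.
SHOREWALL_RULES = """\
ACCEPT  net  $FW  tcp  80,8000:8010
ACCEPT  loc  $FW  tcp  22
"""

def lvs_services(ipvsadm_text):
    """Return {(proto, port)} for every TCP/UDP virtual service line."""
    pat = re.compile(r"^(TCP|UDP)\s+\S+:(\d+)\s", re.M)
    return {(p.lower(), int(port)) for p, port in pat.findall(ipvsadm_text)}

def accepted_net_to_fw(rules_text, fw_names=("$FW", "fw")):
    """Return [(proto, low, high)] for ACCEPT rules from zone net to the firewall."""
    ranges = []
    for line in rules_text.splitlines():
        fields = line.split("#", 1)[0].split()
        ok = len(fields) >= 3 and fields[0].startswith("ACCEPT")
        if not ok or fields[1] != "net" or fields[2] not in fw_names:
            continue
        # Omitted PROTO / DPORT columns, or "-", mean "any".
        proto, ports = (fields[3:5] + ["-", "-"])[:2]
        for part in ("1:65535" if ports == "-" else ports).split(","):
            low, _, high = part.partition(":")
            if low.isdigit() and (high or low).isdigit():
                ranges.append((proto.lower(), int(low), int(high or low)))
    return ranges

def uncovered(ipvsadm_text, rules_text):
    """Return sorted LVS services that no net-to-fw ACCEPT rule covers."""
    ranges = accepted_net_to_fw(rules_text)
    return sorted(s for s in lvs_services(ipvsadm_text) if not any(
        r[0] in (s[0], "all", "-") and r[1] <= s[1] <= r[2] for r in ranges))

if __name__ == "__main__":
    for proto, port in uncovered(IPVSADM_OUTPUT, SHOREWALL_RULES):
        print(f"no net->fw ACCEPT for LVS service {proto}/{port}")
```

On a real director, feed it the live `ipvsadm -Ln` output and the contents of the rules file in place of the two sample strings.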
