Ahh ok, I'm confusing myself :(

If I put an entry in the /etc/shorewall/nat, do I have to set up /etc/shorewall/masq?
The machine/s behind LVS will need to connect via an External IP other than the router/firewall one...
Hence why I masq behind eth1

Remember this machine is my router as well (eth0 has a /30 with my upstream)
eth1 is my /25

Cheers
Ad

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Eastep
Sent: Wednesday, 9 January 2008 10:49 AM
To: [EMAIL PROTECTED]; Shorewall Users
Subject: Re: [Shorewall-users] Shorewall and LVS-NAT (via fwmark) nat'd machines can't access the outside world directly

Adam Niedzwiedzki wrote:
> Hi guys,
>
> Ok I went to masq the LVS interface and realised I "think" I have an issue..
>
> This machine IS my router AS well as my firewall and my load balancer...
>
> Internet -- eth0 - router/firewall - eth1 --- internal lan
>                          |
>                        eth2 LVS-NAT setup
>
> Hence eth0 is connected to my upstream,
> eth1 isn't masq'd it's routed and eth2 is my LVS NIC (which is handled by
> LVS) (which I want to masq)
>
> I'm sure I've missed something simple.
>
> /etc/shorewall/masq
> #INTERFACE SUBNET ADDRESS PROTO PORT(S)
> IPSEC
> eth1 eth2

----
Wrong interface.

> *snipped* setup files..
> /etc/shorewall/zones
> fw firewall
> net ipv4
> loc ipv4
> lvs ipv4
>
> /etc/shorewall/interfaces
> net eth0 detect

------------

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA    \ [EMAIL PROTECTED]
PGP Public Key    \ https://lists.shorewall.net/teastep.pgp.key
