Hi All,
I checked the FAQ and Tom Eastep's articles, but can't find an answer to my
question. This is a simple situation:
I have a dual-homing connection to the Internet through two ISPs, but both ISP
links are managed by BGP. So I have an AS number and my class "C" propagated by
two BGP sessions (using Quagga). If one of these two links goes down, all traffic
flows through the other link, and this is very important for my network.
But I'm using NAT (my LAN is bigger than a class "C"). So I have records in the
masq and nat files translating my internal addresses to my (BGP-propagated)
IP addresses (the static IP addresses of the ISP ports are used very rarely). And...
I must manually duplicate all rules for both interfaces,
because packets can go through either of these two ports and must be translated
identically. Of course, there is a problem with probable errors. And if I add a
third BGP connection, I would have to replicate half of the rules with the interface changed.
It would be natural to write a ZONE name in the INTERFACE column, where this
zone contains both interfaces, but Shorewall does not accept this.
Here is the question: is there an option to allow writing a zone name
instead of an interface name in any rules file, to automatically duplicate rules
for all interfaces in the zone (or another method of grouping interfaces)? Or maybe
there exists another method to automatically direct records about one interface to
another?
Regards
Andrzej Odyniec
Warsaw, Poland
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users