Oh my...

Thank you Chakravarthy...

Maybe I will use another solution and release shorewall...

Thank you

2008/10/24 Chakravarthy Girda <[EMAIL PROTECTED]>

> Hi,
>   I gave up on this issue. Here is my research...
>
>  (1) /etc/shorewall/route_rules
>       * It works but only per IP address or the entire LAN.
>       * It won't work per protocol or service based.
>       * Failover capability won't work
>       Eg:-
>         #SOURCE        DEST           PROVIDER        PRIORITY
>        #192.168.2.10    -             DSL             11000
>        #192.168.2.11    -             T1              11001
>
>      Caution:
>          You have to make modifications to your load balancing/failover
>          script (gwping..etc) ELSE if there is a failover on DSL (as shown
>          above) line my route for the above machine still stays in the old
>          routing table. That is where the failover script should switch the
>          route to the other.
>
> (2) /etc/shorewall/tcrules
>     This is supposed to work per protocol but I could never make it work.
>      Sample:-
>        #2:130   eth0           eth4            tcp     -       873,21,22
>
>  Chakri
>
>
>
> Gilberto Nunes wrote:
> > Thanks Jerry
> >
> > You put some light on my darkness...
> >
> > But I have a doubt here:
> >
> > Where I declare the ISP 1 or 2? /etc/shorewall/providers?
> >
> > Another question:
> >
> > In this case, I have to send outgoing traffic through specific external IP.
> >
> > Let me explain.
> >
> > I have one LAN and two ISP, right?
> >
> > When some user behind Shorewall opens their web browser or a certain
> > application, and enters a specific URL or Internet address, this traffic
> > may be outgoing via ISP1, for example.
> >
> > Other traffic outgoing via ISP2....
> >
> > Thanks
> >
> >
> >
> >
> > 2008/10/24 Jerry Vonau <[EMAIL PROTECTED]>
> >
> >     Gilberto Nunes wrote:
> >      > Hi all and specially Mr. Tom....
> >      >
> >      > (Please, do not be acid with me please! I am only a newbie, trying
> >      > to learn more about shorewall)
> >      >
> >      > I got involved with a Firewall Project at a customer here in my city...
> >      >
> >      > In this customer, he has two Internet Providers.
> >      >
> >      > So, he asked me how to make certain connections follow one routing
> >      > path (like RT_1) and other connection types follow the other routing
> >      > path (like RT_2).
> >      >
> >      > Let me try do a ascii art here:
> >      >
> >      >
> >      > ( I know is horrible think! rsrs I am not artist!)
> >      >
> >      > So, all traffic is pass by SHOREWALL MACHINE. ok!
> >      >
> >      > Some traffic has to go out via ISP 1 and other traffic will go out
> >      > via ISP 2.
> >      >
> >      > I am reading the Multiple ISP docs, but it is not clear to me
> >      >
> >     Right after one of the "WARNING"s on:
> >     http://www.shorewall.net/MultiISP.html
> >
> >     Entries in /etc/shorewall/masq have no effect on which ISP a particular
> >     connection will be sent through. That is rather the purpose of entries
> >     in /etc/shorewall/tcrules or /etc/shorewall/route_rules.  <<<<<<
> >
> >     Now suppose that you want to route all outgoing SMTP traffic from your
> >     local network through ISP 2. You would make this entry in
> >     /etc/shorewall/tcrules (and if you are running a version of Shorewall
> >     earlier than 3.0.0, you would set TC_ENABLED=Yes in
> >     /etc/shorewall/shorewall.conf).
> >
> >     #MARK   SOURCE          DEST        PROTO   PORT(S)   CLIENT    USER   TEST
> >     #                                                     PORT(S)
> >     2:P     <local network> 0.0.0.0/0   tcp     25
> >     "
> >
> >      > So, I need some help  with this.
> >      >
> >      > Can I use packet mark? How?
> >      >
> >     Depending on what you need to do, use entries in /etc/shorewall/tcrules
> >     or /etc/shorewall/route_rules.
> >
> >      > In a traditional iptables rules, I use --set-mark.
> >      > But in a Shorewall environment, how can I take action with this
> >      > iptables rules?
> >      >
> >     More traffic marking info at:
> >     http://www.shorewall.net/traffic_shaping.htm
> >
> >      > Thanks for all response.
> >      >
> >      > Sorry for my poor english...
> >      >
> >     Hope this helps,
> >
> >     Jerry
> >
> >     _______________________________________________
> >     Shorewall-users mailing list
> >     [email protected]
> >     https://lists.sourceforge.net/lists/listinfo/shorewall-users
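
The pieces discussed in this thread (declaring each ISP in /etc/shorewall/providers, then choosing one per protocol with a mark in /etc/shorewall/tcrules) fit together as shown below. This is an added example, not part of the original messages or of the Shorewall documentation; the interface names, gateway addresses and port choices are assumptions, while the provider names DSL and T1 and the 192.168.2.x LAN come from the route_rules sample quoted above.

```conf
# --- /etc/shorewall/providers -------------------------------------------
# One line per ISP. MARK is the packet mark that selects this provider's
# routing table; it is the number used before ":P" in tcrules below.
# Assumed: eth0 = DSL uplink, eth1 = T1 uplink, eth2 = LAN interface,
# gateways are documentation addresses (placeholders).
#NAME   NUMBER  MARK    DUPLICATE   INTERFACE   GATEWAY         OPTIONS         COPY
DSL     1       1       main        eth0        192.0.2.1       track,balance   eth2
T1      2       2       main        eth1        198.51.100.1    track,balance   eth2

# track   : replies to connections that arrived on a provider's interface
#           leave through that same provider.
# balance : traffic that carries no mark is spread across both providers.

# --- /etc/shorewall/tcrules ---------------------------------------------
# ":P" marks in PREROUTING, before the routing decision, so the mark can
# select the provider. One rule per protocol/port set.
#MARK   SOURCE              DEST        PROTO   PORT(S)
2:P     192.168.2.0/24      0.0.0.0/0   tcp     25          # SMTP via T1
1:P     192.168.2.0/24      0.0.0.0/0   tcp     80,443      # web via DSL

# --- /etc/shorewall/masq ------------------------------------------------
# masq does not choose the ISP; it only sets the source address used on
# whichever interface the routing decision already picked.
#INTERFACE  SOURCE
eth0        192.168.2.0/24
eth1        192.168.2.0/24

# --- checks after "shorewall restart" -----------------------------------
#   ip rule show            -> one "fwmark" rule per provider mark
#   shorewall show mangle   -> MARK rules with packet counters; a counter
#                              that stays at 0 means the rule never matches
```

A mark-based rule keeps pointing at its provider's table when that link goes down, so the failover caution raised for route_rules earlier in the thread applies to this setup as well.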