On Monday 24 November 2008 10:51:13 Davide Ferrari wrote: > I know that security through obscurity is not a big deal but really, there > are details in a shorewall dump that I would like to not post to a public > ML whose archives are indexed by Google... > May I mail you by private mail, or at least some way to get attachments not > accesible by web archives?
Ok, thanks to the kind and insightful off-list help of Jerry Vonau, I managed to solve the problem. The problem basically was that I had a route_rule forcing the "generic" traffic (aka the one not directed to my production site) to ISP1, which was as a side effect making impossible to establish any kind of connection between ISP2 and the rest of the world... because every request arriving to the firewall through ISP2 was answered through the ISP1 route... you see it :) The solution was to modify the masq configuration and get rid of the route_rules forcing the generic traffic. Now I have balanced generic traffic between ISP1 and ISP2 (I'll fine tune it with traffing shaping) and the rest of the world can see my ISP2 public address (and my prod site can see ISP1 public IP as well). Thank again to jerry for his great help and to the Shorewall devs in general for this great piece of software! -- Davide Ferrari Atrapalo.com System Administrator ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
