Hello, 

I'm trying to set up an 8-port WAN configuration (PPTP+PPPoE) with one VLAN 
trunk. 

My internal networks are : 
LAN(eth9): 10.0.0.0/16 
VLAN10(eth9) 10.10.0.0/24 
VLAN20(eth9) 10.20.0.0/24 
VLAN30(eth9) 10.30.0.0/24 
VLAN100(eth9) 10.100.0.0/24 

I would like to post my configuration here since I have not succeeded in doing the 
following: 

1. Communicate between VLANxx and the LAN & outside. 
2. Failover between interfaces, so if one goes down the other one goes up. 
3. Routing based on device model (VLAN10 gateway will be ppp0 and in case of 
failover it will jump to ppp1, for example) 


My config files: 

interfaces: 
#NET 
net0 ppp0 detect tcpflags,dhcp,routefilter,nosmurfs 
net1 ppp1 detect tcpflags,dhcp,routefilter,nosmurfs 
net2 ppp2 detect tcpflags,dhcp,routefilter,nosmurfs 
net3 ppp3 detect tcpflags,dhcp,routefilter,nosmurfs 

#WAN 
wan0 eth0 detect tcpflags,routefilter,nosmurfs 
wan1 eth1 detect tcpflags,routefilter,nosmurfs 
wan2 eth2 detect tcpflags,routefilter,nosmurfs 
wan3 eth3 detect tcpflags,routefilter,nosmurfs 
dmz eth8 detect 

# LOCAL 
loc eth9 detect tcpflags,nosmurfs,detectnets 

# VLAN 
v10 vlan10 detect tcpflags,nosmurfs,detectnets 
v20 vlan20 detect tcpflags,nosmurfs,detectnets 
v30 vlan30 detect tcpflags,nosmurfs,detectnets 
v100 vlan100 detect tcpflags,nosmurfs,detectnets 

masq: 

eth9 10.10.0.0/24 
eth9 10.20.0.0/24 
eth9 10.30.0.0/24 
eth9 10.100.0.0/24 
ppp0 vlan10 
ppp1 vlan20 
ppp2 vlan30 
ppp3 vlan100 


policy: 
# on your firewall, change the loc to net policy to REJECT info. 
v10 all ACCEPT info 
v20 all ACCEPT info 
v30 all ACCEPT info 
v100 all ACCEPT info 

wan0 all ACCEPT info 
wan1 all ACCEPT info 
wan2 all ACCEPT info 
wan3 all ACCEPT info 


loc all ACCEPT info 


# Policies for traffic originating from the firewall ($FW) 
# 
# If you want open access to the Internet from your firewall, change the 
# $FW to net policy to ACCEPT and remove the 'ULOG' LOG LEVEL. 
# This may be useful if you run a proxy server on the firewall. 
$FW net0 ACCEPT info 
$FW net1 ACCEPT info 
$FW net2 ACCEPT info 
$FW net3 ACCEPT info 
$FW loc ACCEPT info 
$FW all ACCEPT info 


# THE FOLLOWING POLICY MUST BE LAST 
all all REJECT info 

providers: 

bzq1 1 1 main ppp0 - track,balance vlan10 
bzq2 2 2 main ppp1 - track,balance vlan20 
zhav1 3 3 main ppp2 - track,balance vlan30 
netv1 4 4 main ppp3 - track,balance vlan100 


rules: 

SSH/ACCEPT all all 
Ping/ACCEPT all all - - - - 1/sec:100 

pptpserver net0 0.0.0.0/0 
pptpserver net1 0.0.0.0/0 
pptpserver net2 0.0.0.0/0 
pptpserver net3 0.0.0.0/0 

zones: 

fw firewall 
dmz ipv4 

# NET 
net0 ipv4 
net1 ipv4 
net2 ipv4 
net3 ipv4 

# WAN 
wan0 ipv4 
wan1 ipv4 
wan2 ipv4 
wan3 ipv4 

# LOCAL 
loc ipv4 
v10 ipv4 
v20 ipv4 
v30 ipv4 
v100 ipv4 

Any help will be appreciated. 

Thank you. 



_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
