Hello,

 

I have 2 ISP uplinks (zones: inet1 and inet2), each with a fixed IP on the 
outside and a routed subnet (/25 and /26) on the inside. So, behind the 
firewall I have 2 network segments (lan1 and lan2) with public IP addresses. The 
segments are completely isolated from each other: hosts in zone "lan1" connect 
only to "inet1" and hosts in zone "lan2" only connect to "inet2".

 

Because the segments don't have to switch ISP, load balancing is not used.

 

Now I have the following files:

 

interfaces:

#ZONE   INTERFACE       BROADCAST       OPTIONS
inet1   eth0            detect          tcpflags,routeback
lan1    eth1            detect          tcpflags,routeback
inet2   eth2            detect          tcpflags,routeback
lan2    eth3            detect          tcpflags,routeback

 

 

masq:

# INTERFACE     SUBNET          ADDRESS
eth0            $ETH0_IP        217.100.100.10
eth2            $ETH2_IP        217.132.100.100


eth0    eth1
eth2    eth3


 

params:

ETH0_IP=$(find_first_interface_address eth2)
ETH2_IP=$(find_first_interface_address eth0)


 

providers:

#NAME   NUMBER  MARK    DUPLICATE       INTERFACE       GATEWAY           OPTIONS         COPY
ISP1    1       1       main            eth0            217.100.100.254   track,balance   eth1
ISP2    2       2       main            eth2            213.132.100.254   track,balance   eth3


 

route_rules:

#SOURCE             DEST                  PROVIDER     PRIORITY

eth0                    -                       ISP1            1000
eth2                    -                       ISP2            1000


 

tcfilters:

#INTERFACE:     SOURCE          DEST            PROTO   DEST    SOURCE   TOS    LENGTH
#CLASS                                                  PORT(S) PORT(S)
1:P             eth1            0.0.0.0/0       all
2:P             eth3            0.0.0.0/0       all



tcrules:

#MARK   SOURCE          DEST            PROTO   DEST    SOURCE  USER    TEST    LENGTH  TOS   CONNBYTES
1:P     eth1            0.0.0.0/0       all
2:P     eth3            0.0.0.0/0       all


 

zones:

#ZONE   TYPE            OPTIONS

fw         firewall
inet1      ipv4
lan1       ipv4
inet2      ipv4
lan2       ipv4


I know how to use the files 'policy' and 'rules', so I haven't published these 
above. 

 

When I start shorewall I get the following error:

"ERROR: Undefined INTERFACE number (1) : /etc/shorewall/tcfilters"

 

What goes wrong?

 

Thanks!

 
                                          
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
