[Shorewall-users] routing through a specific isp Shorewall Users

Alessandro Fri, 07 Jan 2011 11:21:21 -0800

Hi all,
   I have two isp, and I set the configuration as for the following example
http://www.shorewall.net/MultiISP.html#Example1



Interfaces are:
loc     eth0            detect          
dhcp,tcpflags,detectnets,nosmurfs,routeback
net     eth2            detect          
tcpflags,routefilter,nosmurfs,logmartians
net     eth1            detect          
tcpflags,routefilter,nosmurfs,logmartians


My "providers" are:
TELE    2       2       main            eth2            192.168.2.1     
track,balance   eth0
ALBA    9       9       main            eth1            192.168.9.1     
track,balance   eth0



When tcrules is:
9    eth0            0.0.0.0/0     tcp     80
is all ok: I'm able to route the http request through the ALBA provider 
(eth0 is the local lan)
As far the eth2 interface is the default gateway, It happens that the 
firewall goes on internet through the TELE isp.



First problem: if I remove the "balance" flag the local lan come back to 
the TELE isp. Is it normal? I don't want balance the traffic among the 
isp, but I can't get it work without this flag.

Second problem: suppose to set the "balance" flag again (but, at the 
end, I'd like to remove it). If I want the firewall use the same ALBA 
isp I write (in tcrules):
9   $FW          0.0.0.0/0     tcp     80

but it doesn't work: the browser wait for the answer, untill timeout 
error, while the local lan goes through the ALBA isp.
In the same time I see the following rows in the logs:
... martian source 192.168.2.3 from [the ip I try to connect to], on dev 
eth1

It is a "masquerading" problem? I set it as in "masq" as:
eth2                    !192.168.2.3/29       192.168.2.3
eth1                    !192.168.9.3/29       192.168.9.3

Thank for any help
Obviously I can give any configuration file you need.
Alessandro



------------------------------------------------------------------------------
Gaining the trust of online customers is vital for the success of any company
that requires sensitive data to be transmitted over the Web.   Learn how to 
best implement a security strategy that keeps consumers' information secure 
and instills the confidence they need to proceed with transactions.
http://p.sf.net/sfu/oracle-sfdevnl 
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

[Shorewall-users] routing through a specific isp Shorewall Users

Reply via email to