Sorry I haven't subscribe to the group a my first send so juste resending it to be in touch :)
Jean-Philippe Maret Directeur des systèmes d'information Idep Multimedia 26, Rue Bellcordière 69002 Lyon Tel. : +33 (0) 826.100.122 Fax : +33 (0) 437.499.768 ----- Mail transféré ----- De: "Jean-Philippe Maret" <[email protected]> À: [email protected] Envoyé: Mardi 25 Janvier 2011 13:27:13 Objet: Multiple Aliasses Hi, I've got a running shorewall with a lan on eth0 and 3 providers plus a vpn gateway. Shorewall stats gracefully and traffic shapping works great. On of my isp provide a /28 bloc wicj i'd like to use for DNAT purposes. here's a view of this insterface : ip addr show eth3 5: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc htb state UNKNOWN qlen 1000 link/ether 00:1e:58:df:ea:ae brd ff:ff:ff:ff:ff:ff inet 92.103.57.66/28 brd 92.103.57.79 scope global eth3 inet 92.103.57.67/28 brd 92.103.57.79 scope global secondary eth3:67 inet 92.103.57.68/28 brd 92.103.57.79 scope global secondary eth3:68 inet 92.103.57.69/28 brd 92.103.57.79 scope global secondary eth3:69 inet 92.103.57.70/28 brd 92.103.57.79 scope global secondary eth3:70 inet 92.103.57.71/28 brd 92.103.57.79 scope global secondary eth3:71 inet 92.103.57.72/28 brd 92.103.57.79 scope global secondary eth3:72 inet 92.103.57.73/28 brd 92.103.57.79 scope global secondary eth3:73 inet 92.103.57.74/28 brd 92.103.57.79 scope global secondary eth3:74 inet 92.103.57.75/28 brd 92.103.57.79 scope global secondary eth3:75 inet 92.103.57.76/28 brd 92.103.57.79 scope global secondary eth3:76 inet 92.103.57.77/28 brd 92.103.57.79 scope global secondary eth3:77 inet 92.103.57.78/28 brd 92.103.57.79 scope global secondary eth3:78 inet6 fe80::21e:58ff:fedf:eaae/64 scope link valid_lft forever preferred_lft forever My only problem is that for strange reason only eth3 and eth3:71 respond to ping or works with DNAT rules. When shorewall is stopped all the range respond to ping. here a view on ip route : 10.123.0.1 via 10.123.0.10 dev tun0 10.123.0.10 dev tun0 proto kernel scope link src 10.123.0.9 92.103.57.64/28 dev eth3 proto kernel scope link src 92.103.57.66 192.168.1.0/24 dev eth2 proto kernel scope link src 192.168.1.100 82.224.36.0/24 dev eth1 proto kernel scope link src 82.224.36.63 10.71.2.0/24 dev eth0 proto kernel scope link src 10.71.2.2 10.99.0.0/18 via 10.123.0.10 dev tun0 10.75.0.0/18 via 10.123.0.10 dev tun0 default via 92.103.57.65 dev eth3 default via 192.168.1.1 dev eth2 default via 82.224.36.254 dev eth1 Does anyone have an idea ? Many thanks in advance. Jean-Philippe Maret Directeur des systèmes d'information Idep Multimedia 26, Rue Bellcordière 69002 Lyon Tel. : +33 (0) 826.100.122 Fax : +33 (0) 437.499.768
dump.tgz
Description: application/compressed-tar
------------------------------------------------------------------------------ Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! Finally, a world-class log management solution at an even better price-free! Download using promo code Free_Logger_4_Dev2Dev. Offer expires February 28th, so secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsight-sfd2d
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
