Hi Tom,

Thanks for taking the time to respond to my message.

> This requires:
>
> * Detecting the failure of the primary firewall. This is done
>   using the exchange of "I'm alive" messages and there are
>   daemons for that.
>
> * Upon failure, reconfigure the internal NIC's IP address (and
>   optionally its MAC address) to match the primary's.
>
> It doesn't really involve Shorewall.

I'm sorry, I don't think I articulated my problem very well. I used
the word failover, but in fact it's just a bit of redundancy using a cheap DSL
connection in case the ethernet goes offline. It's certainly an unsophisticated
solution, and not introducing any type of real failover.

My network has two firewalls:

10.0.1.1 Main Firewall connected to 5Mbps ethernet
10.0.1.2 Secondary Firewall (OpenWRT) connected to DSL

I have separate external address space for both from separate ISPs. The web
based application has an fqdn webapp.company.com which directs traffic through
the main firewall. I will create an additional fqdn of
webapp-backup.company.com that goes to the address space on the secondary
firewall. If the main connection goes down the users will know to try the
alternate backup url.

The problem is the web server uses 10.0.1.1 as its gateway. So my DNAT rule
works, but of course the internal web server responds using its default
gateway and can't respond to requests coming from the DSL. Therefore I would
like to do reverse masq/nat/snat, where the incoming requests to
webapp-backup.company.com appear to all come from 10.0.1.2, thereby allowing the
internal web server to remain unchanged.

Simon
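
An added illustration (not part of the original message) of the routing problem described above: a small Python model of the reply path with and without SNAT on the secondary firewall. Only 10.0.1.1 and 10.0.1.2 come from the post; the web server, DSL public and client addresses are constructed.

```python
from ipaddress import ip_address, ip_network

LAN = ip_network("10.0.1.0/24")
MAIN_FW, DSL_FW = "10.0.1.1", "10.0.1.2"   # addresses from the post
WEB = "10.0.1.10"             # assumed web server address
DSL_PUBLIC = "198.51.100.2"   # constructed public address on the DSL side
CLIENT = "203.0.113.50"       # constructed Internet client


def forward_via_dsl(client, snat):
    """DNAT on the secondary firewall, optionally followed by SNAT to its
    LAN address. Returns the packet the web server sees and the state the
    firewall keeps so it can reverse the translation on the reply."""
    pkt = {"src": DSL_FW if snat else client, "dst": WEB}
    state = {"original": (client, DSL_PUBLIC), "reply": (WEB, pkt["src"])}
    return pkt, state


def next_hop(dst):
    """Web server routing table: LAN is on-link, all else via 10.0.1.1."""
    return dst if ip_address(dst) in LAN else MAIN_FW


def round_trip(snat):
    """Follow one request arriving on the DSL line and its reply."""
    pkt, state = forward_via_dsl(CLIENT, snat)
    reply = (pkt["dst"], pkt["src"])          # (src, dst) of the answer
    hop = next_hop(reply[1])
    result = {"server_sees_src": pkt["src"], "reply_hop": hop}
    if hop == DSL_FW and reply == state["reply"]:
        # Reply reaches the firewall that holds the state: both NATs are
        # reversed and the client sees the address it connected to.
        result.update(delivered=True, client_sees_src=state["original"][1])
    else:
        # Reply goes to the main firewall, which has no state for this
        # connection, so it never matches what the client is waiting for.
        result.update(delivered=False, client_sees_src=None)
    return result


if __name__ == "__main__":
    for snat in (False, True):
        print("SNAT" if snat else "DNAT only", round_trip(snat))
```

With SNAT in place the web server records 10.0.1.2 as the source of every request that arrives over the DSL line, so the real client address is only visible on the secondary firewall.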