On Aug 3, 2011, at 7:42 AM, Jamie Begin wrote:
> I'm using Shorewall with a load-balanced multi-ISP config along with LSM for
> failover. It's working great, except for DNS requests. I'd appreciate some
> advice on how to best configure this.
>
> The WAN connections are a T1 through XO and a cable connection through
> Comcast. About 80% of the traffic is routed out the Comcast connection under
> normal connections. I would like to ensure that DNS requests that leave the
> Comcast interface are routed to Comcast's DNS servers and vice versa for XO.
> I know I can add some entries in tc-rules, but this only solves part of the
> problem. It still requires that clients know which DNS server to request.
> But since the client has no idea which WAN interface the request will travel
> through, it can't know whether to send the lookup to Comcast or XO's DNS
> server.
>
> I suspect that I need to do some type of outgoing NAT. But I'm not sure if
> I'm over-complicating things. And if I'm not, how do I configure something
> like this? Thanks!
>
I suggest that you run a caching-only name server on the firewall and not
bother with your ISPs' name servers.
-Tom
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users