Re: [Shorewall-users] Two Firewalls Two ISP One DMZ Server

Sun, 20 Nov 2011 13:14:09 -0800 

On Nov 18, 2011, at 6:31 AM, Leandro wrote:
> I have 2 firewalls with the 2 ISPs each one.
> I have a server in DMZ.
>  
> (IP addresses below are examples)
>  
> FW1
>     eth0    dmz    10.10.10.1/24
>     eth1    inet    1.1.1.1/24 gw 1.1.1.100 (ISP1)
>     eth2    inet    2.2.2.1/24 gw 2.2.2.100 (ISP2)
>  
> 
> FW2
>     eth0    dmz    10.10.10.2/24
>     eth1    inet    1.1.1.2/24 gw 1.1.1.100 (ISP1)
>     eth2    inet    2.2.2.2/24 gw 2.2.2.100 (ISP2)
>  
> 
> ROUTER ISP1 1.1.1.100
> ROUTER ISP2 2.2.2.100
>  
> 
> SERVER
>     eth0 dmz 10.10.10.10
>  
> 
>  
> I want that incoming connections from ISP1 FW1 port XX to be forwarded to 
> SERVER port XX, and the packet to be routed back to FW1 to reach internet
> I want that incoming connections from ISP2 FW1 port XX to be forwarded to 
> SERVER port XX, and the packet to be routed back to FW1 to reach internet
>  
> I want that incoming connections from ISP1 FW2 port XX to be forwarded to 
> SERVER port XX, and the packet to be routed back to FW2 to reach internet
> I want that incoming connections from ISP2 FW2 port XX to be forwarded to 
> SERVER port XX, and the packet to be routed back to FW2 to reach internet
>  
> 
> What I should set in shorewall FW1, shorewall FW2, and shorewall SERVER ?
>  

Set 'track' on all providers. FW1 and FW2 just need normal DNAT rules. The 
SERVER needs a multi-ISP configuration like is described at 
http://ipv6.shorewall.net/MultiISP.html#Shared.

-Tom

Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________




------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure 
contains a definitive record of customers, application performance, 
security threats, fraudulent activity, and more. Splunk takes this 
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to