Tom,

    I had already set FW1, FW2 and DNAT in both, and everything worked and works fine.

    Could you detail the configuration of SERVER?

    I had set MultiISP configuration in SERVER but it didn't work.
    Is it a problem that its interface has a private IP?


Regards.
Leandro.    


  ----- Original Message ----- 
  From: Tom Eastep 
  To: Shorewall Users 
  Sent: Sunday, November 20, 2011 6:09 PM
  Subject: Re: [Shorewall-users] Two Firewalls Two ISP One DMZ Server




  On Nov 18, 2011, at 6:31 AM, Leandro wrote:
    I have 2 firewalls with the 2 ISPs each one.
    I have a server in DMZ.

    (IP addresses below are examples)

    FW1
        eth0    dmz    10.10.10.1/24
        eth1    inet    1.1.1.1/24 gw 1.1.1.100 (ISP1)
        eth2    inet    2.2.2.1/24 gw 2.2.2.100 (ISP2)


    FW2
        eth0    dmz    10.10.10.2/24
        eth1    inet    1.1.1.2/24 gw 1.1.1.100 (ISP1)
        eth2    inet    2.2.2.2/24 gw 2.2.2.100 (ISP2)


    ROUTER ISP1 1.1.1.100
    ROUTER ISP2 2.2.2.100


    SERVER
        eth0 dmz 10.10.10.10


     
    I want incoming connections from ISP1 FW1 port XX to be forwarded to SERVER port XX, and the packet to be routed back to FW1 to reach the internet.
    I want incoming connections from ISP2 FW1 port XX to be forwarded to SERVER port XX, and the packet to be routed back to FW1 to reach the internet.

    I want incoming connections from ISP1 FW2 port XX to be forwarded to SERVER port XX, and the packet to be routed back to FW2 to reach the internet.
    I want incoming connections from ISP2 FW2 port XX to be forwarded to SERVER port XX, and the packet to be routed back to FW2 to reach the internet.


    What should I set in shorewall FW1, shorewall FW2, and shorewall SERVER?



  Set 'track' on all providers. FW1 and FW2 just need normal DNAT rules. The SERVER needs a multi-ISP configuration like the one described at http://ipv6.shorewall.net/MultiISP.html#Shared.


  -Tom


  Tom Eastep        \ When I die, I want to go like my Grandfather who
  Shoreline,         \ died peacefully in his sleep. Not screaming like
  Washington, USA     \ all of the passengers in his car
  http://shorewall.net \________________________________________________









  _______________________________________________
  Shorewall-users mailing list
  [email protected]
  https://lists.sourceforge.net/lists/listinfo/shorewall-users