Hi All! I only ever have complex setups. The customer site has a dedicated leased line from their ISP terminating on a Cisco router. The router is configured with the first usable address on a /28 network, 196.x.y.73. The Linux firewall is configured with the remaining 5 IPs, 196.x.y.74 to 196.x.y.78, with 79 as the broadcast. Sounds normal, but here is the twist: the primary (first) IP address that ip addr shows is the 76 one, and then 74, 77, 78 and finally 75. I inherited a very ancient ipchains firewall with the config and I know there had been some reason for it! The A record that the MX points to is 196.x.y.76. My old iptables firewall works fine with this weird setup and the local admin website, sshd server and smtp server are all accessible from the 'net. There are a bunch of DNAT rules that use the other IP addresses for 'net access to local in-house servers.

A new twist was added with a wireless-based internet connection intended for web browsing via squid on the firewall and as an SMTP mail backup. It has a static IP address hidden behind the Mikrotik router. The local LAN port on the Mikrotik is 172.21.1.1 and I have used 172.21.1.2/28 as a second ISP connection on the same network interface (eth1) as the dedicated line. Not really ready to use yet other than speed and capacity tests when I add a static route for the purpose. Just ignore this extra bit.
The problem now comes when trying to connect via ssh or smtp to the A record that points to the 196.x.y.76 IP! I see packets arrive with tcpdump, but the firewall remains silent! Now, if I ssh or smtp to the 196.x.y.74 IP address, it works! The quick fix is quite simple really: get the ISP dudes to change the A record. They will have to add an extra A record anyway for an aql connection. Is there another way around this issue?

I did a quick test of the squid server trying to force it out of the 172.21.1.2 IP address, just as a test a bit earlier today, but it failed with squid reporting a routing loop. I might have missed something in the config, but it's not the show stopper!

Cheers
Ang!

--
Angela Williams angierfw at gmail dot com
Linux/Networking Hacker
Blog http://angierfw.wordpress.com
Smile! Jesus Loves You!
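As an added check for a setup like the one above (example code, not from the post, from Shorewall or from the poster's firewall): the script below takes the two numbers an ISP hands over, the first usable address and the broadcast, derives the block they actually bound rather than trusting a stated prefix length, parses an "ip -o -4 addr show" listing and reports which of the remaining host addresses the firewall holds, which one is primary, which are absent, and which carry a prefix that does not match the derived block. The 198.51.100.0/24 range (TEST-NET-2) is an assumed stand-in for the elided 196.x.y, the interface name eth1 is taken from the post, and the listing is constructed, with .75 deliberately left out so the missing branch fires.

```python
import ipaddress
import re

# Constructed sample of `ip -o -4 addr show` output. 198.51.100.0/24 is an
# assumed stand-in for the post's elided 196.x.y; the LAN address on eth0 is
# invented, and .75 is deliberately omitted so the "missing" branch below fires.
SAMPLE_IP_ADDR = """\
1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.168.1.1/24 brd 192.168.1.255 scope global eth0
3: eth1    inet 198.51.100.76/28 brd 198.51.100.79 scope global eth1
3: eth1    inet 198.51.100.74/28 brd 198.51.100.79 scope global secondary eth1
3: eth1    inet 198.51.100.77/28 brd 198.51.100.79 scope global secondary eth1
3: eth1    inet 198.51.100.78/28 brd 198.51.100.79 scope global secondary eth1
3: eth1    inet 172.21.1.2/28 brd 172.21.1.15 scope global eth1
"""

# One-line `ip -o` format: "<idx>: <ifname>    inet <addr>/<plen> ..."
LINE_RE = re.compile(r"^\d+:\s+(\S+)\s+inet\s+(\d+(?:\.\d+){3}/\d+)")


def block_from_bounds(first_usable, broadcast):
    """Return the smallest network whose first host is `first_usable` and
    whose broadcast is `broadcast`; this is what the ISP's numbers imply,
    independent of whatever prefix length was written down."""
    first = ipaddress.ip_address(first_usable)
    bcast = ipaddress.ip_address(broadcast)
    for plen in range(32, -1, -1):
        net = ipaddress.ip_network(f"{bcast}/{plen}", strict=False)
        if net.broadcast_address == bcast and net.network_address + 1 == first:
            return net
    raise ValueError("no block has that first usable address and broadcast")


def parse_ip_addr(output, ifname):
    """Map each IPv4 interface address on `ifname` to True if the kernel
    lists it as primary (no 'secondary' flag) and False otherwise."""
    addrs = {}
    for line in output.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(1) != ifname:
            continue
        iface = ipaddress.ip_interface(m.group(2))
        addrs[iface] = "secondary" not in line
    return addrs


def audit(ip_addr_output, ifname, router_addr, broadcast):
    """Compare the host addresses the block should leave to the firewall
    (everything but the router's first-usable address) against what the
    kernel actually holds on `ifname`."""
    block = block_from_bounds(router_addr, broadcast)
    router = ipaddress.ip_address(router_addr)
    expected = [h for h in block.hosts() if h != router]
    configured = parse_ip_addr(ip_addr_output, ifname)
    by_ip = {iface.ip: iface for iface in configured}
    report = {"block": str(block), "primary": None,
              "present": [], "missing": [], "prefix_mismatch": []}
    for host in expected:
        iface = by_ip.get(host)
        if iface is None:
            report["missing"].append(str(host))
            continue
        report["present"].append(str(host))
        # The address is held, but under a prefix that bounds a different block.
        if iface.network != block:
            report["prefix_mismatch"].append(str(iface))
        if configured[iface]:
            report["primary"] = str(host)
    return report


if __name__ == "__main__":
    result = audit(SAMPLE_IP_ADDR, "eth1", "198.51.100.73", "198.51.100.79")
    for key, value in result.items():
        print(f"{key}: {value}")
```

On a real box, feed it the output of "ip -o -4 addr show eth1" in place of the constructed sample. The check only answers one question, whether the kernel holds each address and under which prefix, but that is the first thing to rule out when tcpdump shows the SYN arriving and nothing comes back; a prefix that disagrees with the block the ISP's first-usable and broadcast addresses imply is worth settling with the ISP before chasing rules.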
