Hi!
Progress is much better now with my new install with not many problems left!

I just have a simple - I hope - question.

I have a few users that need access to the net via masquerade rules. The rest 
have to go via squid on the firewall. That all works well.

I also have two Windows servers that also need access to the net but they have 
to each use a specific outgoing IP address.
I added two snat rules to the masq file.

Then I got a bit confused yet again. I get confused quite easily when trying 
to implement new stuff and support crying customers and fools with isa things.

What I did was exclude the two internal ip addresses in the masq rule like 
this with the snats below. (Does not quite do what I expected!)


# The masq rules. eth1(2) is the new wireless ISP connection - still needs work and testing
# eth1 is internet facing eth0 is local lan
eth1(1)                 192.168.9.146,192.168.9.113,192.168.9.114,192.168.9.124!\
192.168.9.250,192.168.9.4               196.17.238.74
eth1(2)                 192.168.10.0/24         172.21.1.2

# Do the snats!
eth0         192.168.9.250    196.17.238.76
eth0         192.168.9.4      196.17.238.77



So the question is: do I need to negate the 9.250 and 9.4 servers from the 
masq list?

Right now I have the two snat rules commented out and the 9.250 and 9.4 
servers in the masq list - I changed the ! to a , and although 9.250 is going 
out on the wrong IP address it's not a train smash yet. The programs that need 
the special IPs only run now and again and are not madly critical.

Cheers

Ang


-- 
Angela Williams
angierfw at gmail dot com
Linux/Networking Hacker
Blog http://angierfw.wordpress.com

Smile! Jesus Loves You!


_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
