Hi!

I seem to have found an extra feature in my setup! Two ISP connections on the same network interface.

I have a DNAT rule that DNATs port 443 from an external IP address on ISP1 to an internal M$ Exchange server for OWA. I have a line in the tcrules like this:

    1 $FW 0.0.0.0/0 tcp 443

Mark of 1 is my /29 network range, ISP1. I have configured squid to use the ISP2 link, which is a /30 addressed link.

All worked well until the customer decided that today was the day to do internet banking! Squid says https? Better go direct! So out it goes on the wrong link - ISP1. Most unfair. I did a quick phix by adding a manual route to the bank's secure web server.

Is there a way around this feature? A new line like this in tcrules?

    2 $FW 0.0.0.0/0 tcp 443

or maybe 2:P would be the correct solution.

We have had lots of routing issues with our only fixed line provider here in S Africa so it is a bit more difficult to resolve things! Both the ISPs we use for this customer are connected to the local peering point via the fixed line provider. The joys of State owned companies!

Cheers
Ang
--
Angela Williams angierfw at gmail dot com
Linux/Networking Hacker
Blog http://angierfw.wordpress.com
Smile! Jesus Loves You!
