Hi there, I have a strange problem with a multi-ISP configuration. I have installed Shorewall 4.4.11.6 on Debian squeeze.
I have two providers connected on eth1 (ISP1) and eth2 (ISP2) by two routers (not modems); both connections have static public IP addresses. eth0 is the local LAN interface.

In the local LAN there is a videoconference system with a local IP address (192.168.2.10); to reach the system from outside (net) I wrote these rules in the Shorewall rules file:

    DNAT    net    loc:192.168.2.10    tcp    1720
    DNAT    net    loc:192.168.2.10    tcp    60000:64999
    DNAT    net    loc:192.168.2.10    udp    60000:64999

I want the videoconference to use ISP2 for its connections, and I wrote these lines in the Shorewall tcrules file:

    2    192.168.2.0/24    0.0.0.0/0    tcp    1720
    2    192.168.2.0/24    0.0.0.0/0    tcp    60000:64999
    2    192.168.2.0/24    0.0.0.0/0    udp    60000:64999

(MARK_IN_FORWARD_CHAIN=No in shorewall.conf)

And now the problems:

- sometimes I'm not able to call: the connection starts but freezes during the handshake phase
- when I make a call there are many retransmission errors on receive, but when I receive a call there are far fewer retransmission errors, or none
- sometimes (at random) when I make a call the receiver sees my local IP (not my public IP)

Is my Shorewall configuration correct, or did I forget something? I have a similar system but with only one ISP and there are no problems at all.

Thanks in advance for your answer... and sorry for my limited English.

A. Santoro
