On 07/13/2012 03:09 AM, A.Santoro wrote: > Hi there, > I have some strange problem with a multi-isp configuration. > > I have installed shorewall 4.4.11.,6 on debian squeeze. > > I have two providers connected on eth1 (ISP1) and eth2 (ISP2) by two > routers (not modem); both the connections have static public ip > address. The eth0 is the local lan interface. > > In the local lan there is a videoconference system with a local ip > address (192.168.2.10); to reach the system from outside (net) I wrote > these rules in the shorewall file rules: > > DNAT net loc:192.168.2.10 tcp 1720 > DNAT net loc:192.168.2.10 tcp 60000:64999 > DNAT net loc:192.168.2.10 udp 60000:64999 > > > I want that the videoconference use the ISP2 for the connections and I > wrote these lines in the shorewall tcrules file > > 2 192.168.2.0/24 0.0.0.0/0 tcp 1720 > 2 192.168.2.0/24 0.0.0.0/0 tcp 60000:64999 > 2 192.168.2.0/24 0.0.0.0/0 udp 60000:64999 > > (MARK_IN_FORWARD_CHAIN=No in the shorewall.conf) > > And now the problems: > - sometimes I'm not be able to call: the connection starts but frezees > during handshake fase > - when I make a call there are many retransmission errors on receive, > but when I receive a call the retransmission errors are many less or > nothing. > - sometimes (random) when I make a call the receiver see my local ip > (not my public ip) > > > Is my shorewall configuration correct or I forgot something? > > I have a similar system but with only one ISP and there are not > problems at all.
Please send me the output of 'shorewall dump' as an attachment. You can send it to me personally so it doesn't go to all 1000 list subscribers. Thanks, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
