On 11/12/2013 3:25 PM, Axel Zöllich wrote: >>> I forgot to say that this is only the case for packages originating from >>> the firewall itself. SNATed packages from the local network are handled >>> correctly. >> Look carefully at http://www.shorewall.org/MultiISP.html#idp1955662608. >> You are missing two entries. > > As i've got no public subnet behind the firewall (but outside) I thought this > is sufficient: > > masq: > ppp0 192.168.122.0/24 bbb.152.162.192 > eth4 192.168.122.0/24 aaa.117.77.218 > ppp0 192.168.222.0/24 bbb.152.162.192 > eth4 192.168.222.0/24 aaa.117.77.218 > ppp0 192.168.223.0/24 bbb.152.162.192 > eth4 192.168.223.0/24 aaa.117.77.218 > ppp0 10.8.0.0/16 bbb.152.162.192 > eth4 10.8.0.0/16 aaa.117.77.218
It's not. Why don't you simply have this? ppp0 0.0.0.0/0 bbb.142.152.192 eth4 0.0.0.0/0 aaaa.117.77.218 That way, any packet leaving either interface will always have the proper source IP. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ DreamFactory - Open Source REST & JSON Services for HTML5 & Native Apps OAuth, Users, Roles, SQL, NoSQL, BLOB Storage and External API Access Free app hosting. Or install the open source package on any LAMP server. Sign up and see examples for AngularJS, jQuery, Sencha Touch and Native! http://pubads.g.doubleclick.net/gampad/clk?id=63469471&iu=/4140/ostg.clktrk
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
