On 2/27/2014 11:55 AM, Ryan Joiner wrote:
> -----Original Message-----
> From: Ryan Joiner [mailto:[email protected]]
> Sent: Tuesday, February 25, 2014 8:54 AM
> To: Shorewall Users
> Subject: [Shorewall-users] Multiple IP's on EM1 interface - Traffic to go out
> a specific IP for fw only
>
> Hello, I have a firewall running CentOS6 and Shorewall 4.5.4-1. We have an
> IP block 67.235.132.0/28 that the ISP has given us and our internet network
> is 192.168.11.0/24.
>
> Right now we are able to masq all the traffic in the 192.168.11.0/24 network
> and use the 67.235.132.1 IP and that works great.
>
> Is there a way to get the firewall itself to connect out using a different IP
> on the block? Is this not done in the masq config? We would like it to go
> out on a different IP for yum updates, sending out mail in postfix, and
> really any connection the firewall does, we want it to use a different IP
> like 67.235.132.2 or .3.
>
> Thank you
>
> A little more info:
>
> The masq file looks like:
>
> em1 192.168.11.0/24
>
> We have a few IP's configured on the em1 interface:
>
> Em1 is 67.235.132.1
> Em1:1 is 67.235.132.2
> Em1:2 is 67.235.132.3
> Em1:3 is 67.235.132.4
>
> ______________________________________________________
>
> Does anyone have any thoughts on this or is this a stupid question? Sorry
> and thanks.

As Simon Hobson has already pointed out, it would be much better to just
use .2 for masq traffic:

    em1 192.168.11.0/24 67.235.132.2

and let traffic originating on the firewall use .1 (the default). But if
you insist on doing it your way, you can try placing this in the masq file:

    em1 67.235.132.1 67.235.132.2

You can also configure most applications to bind to a particular local
IP address. In Postfix's main.cf, you specify:

    smtp_bind_address=67.235.132.3

to make outgoing email originate from that IP address.

-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
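
Added example, not part of the original message and not Shorewall code: a simplified Python model of how the two masq entries from the thread pick the outgoing source address. It assumes entries are evaluated first-match and that an entry with no ADDRESS column masquerades to the interface's primary IP; parse_masq and egress_source are hypothetical helper names, and the second entry is written with the thread's interface name em1.

```python
import ipaddress

# Constructed sample: the two masq entries discussed in the thread
# (columns: INTERFACE  SOURCE  ADDRESS; ADDRESS is optional).
MASQ = """\
em1  192.168.11.0/24
em1  67.235.132.1     67.235.132.2
"""
PRIMARY = {"em1": "67.235.132.1"}  # primary address of em1, as given in the thread


def parse_masq(text):
    """Return (interface, source network, SNAT address or None) per entry."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line or comment
        addr = fields[2] if len(fields) > 2 and fields[2] != "-" else None
        rules.append((fields[0], ipaddress.ip_network(fields[1]), addr))
    return rules


def egress_source(rules, out_iface, src):
    """Source address a packet carries after leaving out_iface (first match wins)."""
    ip = ipaddress.ip_address(src)
    for iface, net, addr in rules:
        if iface == out_iface and ip in net:
            # No ADDRESS column: masquerade to the interface's primary IP.
            return addr or PRIMARY[iface]
    return src  # no entry matched, so the packet is not rewritten


if __name__ == "__main__":
    rules = parse_masq(MASQ)
    for label, src in [("LAN host", "192.168.11.50"),
                       ("firewall default", "67.235.132.1"),
                       ("Postfix bound to .3", "67.235.132.3")]:
        print(f"{label:22} {src:15} -> {egress_source(rules, 'em1', src)}")
```

The last case shows why the two suggestions do not interfere: a process bound to .3 never matches the entry whose SOURCE is .1, so its traffic leaves unchanged.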
