On 2/27/2014 11:55 AM, Ryan Joiner wrote:
> -----Original Message-----
> From: Ryan Joiner [mailto:[email protected]]
> Sent: Tuesday, February 25, 2014 8:54 AM
> To: Shorewall Users
> Subject: [Shorewall-users] Multiple IP's on EM1 interface - Traffic to
> go out a specific IP for fw only
>
> Hello, I have a firewall running CentOS6 and Shorewall 4.5.4-1. We have an
> IP block 67.235.132.0/28 that the ISP has given us and our internet network
> is 192.168.11.0/24.
>
> Right now we are able to masq all the traffic in the 192.168.11.0/24 network
> and use the 67.235.132.1 IP and that works great.
>
> Is there a way to get the firewall itself to connect out using a different IP
> on the block? Is this not done in the masq config? We would like it to go
> out on a different IP for yum updates, sending out mail in postfix, and
> really any connection the firewall does, we want it to use a different IP
> like 67.235.132.2 or .3.
>
> Thank you
>
> A little more info:
>
> The masq file looks like:
>
> em1 192.168.11.0/24
>
> We have a few IP's configured on the em1 interface:
>
> Em1 is 67.235.132.1
> Em1:1 is 67.235.132.2
> Em1:2 is 67.235.132.3
> Em1:3 is 67.235.132.4
>
> ______________________________________________________
>
> Does anyone have any thoughts on this or is this a stupid question? Sorry
> and thanks.

As Simon Hobson has already pointed out, it would be much better to just use .2
for masq traffic:

    em1 192.168.11.0/24 67.235.132.2

and let traffic originating on the firewall use .1 (the default). But if you
insist on doing it your way, you can try placing this in the masq file:

    em1 67.235.132.1 67.235.132.2

You can also configure most applications to bind to a particular local IP
address. In Postfix's main.cf, you specify:

    smtp_bind_address=67.235.132.3

to make outgoing email originate from that IP address.

-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
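
Added example, not part of the original messages and not Shorewall code: a simplified Python model of masq-file matching, used to compare which public address LAN traffic and firewall-originated traffic leave from under the three masq files discussed in this thread. It assumes the first matching entry wins, that an entry without ADDRESS masquerades to the interface's primary address, and that firewall-originated traffic starts out with the primary address; the LAN host 192.168.11.50 and the function names are constructed for illustration.

```python
import ipaddress

PRIMARY = "67.235.132.1"    # em1's primary address, from the thread
LAN_HOST = "192.168.11.50"  # constructed host inside 192.168.11.0/24

# masq file variants from the thread, columns: INTERFACE SOURCE [ADDRESS]
ORIGINAL = "em1 192.168.11.0/24"
SUGGESTED = "em1 192.168.11.0/24 67.235.132.2"
ALTERNATIVE = "em1 192.168.11.0/24\nem1 67.235.132.1 67.235.132.2"


def parse_masq(text):
    """Parse masq entries into (interface, source network, address or None)."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments and blanks
        if len(fields) < 2:
            continue
        source = ipaddress.ip_network(fields[1], strict=False)
        address = fields[2] if len(fields) > 2 else None
        rules.append((fields[0], source, address))
    return rules


def egress_ip(rules, out_iface, src_ip, primary_ip):
    """Source address a packet carries after leaving out_iface (simplified)."""
    src = ipaddress.ip_address(src_ip)
    for iface, source, address in rules:
        if iface == out_iface and src in source:
            # Assumption: no ADDRESS column means masquerade to the primary IP.
            return address or primary_ip
    return src_ip  # no entry matched: source address is left unchanged


def audit(masq_text):
    """Egress address for a LAN host and for the firewall itself."""
    rules = parse_masq(masq_text)
    return {
        "lan": egress_ip(rules, "em1", LAN_HOST, PRIMARY),
        "firewall": egress_ip(rules, "em1", PRIMARY, PRIMARY),
    }


if __name__ == "__main__":
    for name, cfg in (("original", ORIGINAL), ("suggested", SUGGESTED),
                      ("alternative", ALTERNATIVE)):
        print(name, audit(cfg))
```
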

Tom,

Thank you for the info. I did not get Simon's response. I have created a rule
in my amavis so that items are not blocked.

Thanks again! (And thanks Simon)

Ryan