Hello.

I've never posted to this ml before, so just wanted to say thanks for
Shorewall. It's been great using it for years.

This server has two ISPs on different NICs. I only really care about
responding to traffic out the same address that it originates from. I
accomplish this using two ip route tables and some ip rules.  (The same way
as described here: http://lartc.org/howto/lartc.rpdb.multiple-links.html).

This has worked great for a long time, but I recently upgraded from
shorewall 4.4.6 to 4.4.26 (by means of Ubuntu LTS upgrade). Now none of the
firewall rules match the secondary interface in shorewall so I cannot serve
any services on it. Is there any easy fix here, or am I going to have to
change a bit of Shorewall configuration to keep using it?

I've scoured this link here: http://shorewall.net/MultiISP.html   Looks
like a new "provider" file is to be given. If I have to reconfigure the
server as specified, will this do away with my old ip route script?

A very strange behavior of the system now is that the secondary public ip
address cannot be pinged from anywhere besides the local public network
when shorewall is turned on. So it's like disabling traffic out the
secondary gateway perhaps?

interfaces
net     eth0        detect      tcpflags,nosmurfs,routefilter,blacklist
net     eth1        detect      tcpflags,nosmurfs,routefilter,blacklist
loc     eth2        detect      tcpflags


zones
fw firewall
net ipv4
vpn:net ipv4
loc ipv4

policy
#loc    net    ACCEPT
#net    all    DROP info

$FW         net         REJECT      info

vpn         $FW         ACCEPT
# THE FOLLOWING POLICY MUST BE LAST
all    all    REJECT info
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users