On 9/30/2014 1:32 AM, [email protected] wrote:
> Hi all,
> I'm new to this list so "hi! and thanks for any support you can give me :)".
>
> I'm experiencing a problem with packet mangling (I think), in my
> configuration there are 2 providers, balanced in this way
>
> prov1 1 1 - eth0 x.x.x.x track,balance -
> prov2 2 2 - eth2 y.y.y.y track,balance -
>
> all is working, the packets are put out of the interfaces in a round
> robin like method.
>
> but now, my customer wants that an ftp service behind firewall is
> exposed only through prov1, so I decided to act in this way:
>
> rules file:
> DNAT net loc:x.x.x.211 tcp 20 - ip_pub_on_provider_1
> DNAT net loc:x.x.x.211 tcp 21 - ip_pub_on_provider_1
>

The second rule is fine -- the first rule is bogus and not needed.

> mangle file:
> MARK(1):P x.x.x.211/32 0.0.0.0/0 all

You shouldn't need that either.

>
>
> But, the connections are not always going out with eth0, sometimes
> going out with eth2.
>

Active mode ftp should 'just work' in this environment - please send the output of 'shorewall dump' collected as described at http://www.shorewall.net/support.htm#Guidelines. You can send it to me privately if you like.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
