Hello,
I have shorewall 4.55 on CentOS 6.5 machine.
I have two NICs: eth0 is the internal LAN and eth1 uses VLAN tagging to
connect to two ISPs (with fake addresses reported here, of course).
                              /eth1.5 ------ ISP1 (1.1.1.1)
some lans --- eth0 --FW-- eth1
                              \eth1.89 ------ ISP2 (2.2.2.2)
[root@FW shorewall]# cat /proc/net/vlan/config
VLAN Dev name | VLAN ID
Name-Type: VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD
eth1.5 | 5 | eth1
eth1.89 | 89 | eth1
[root@FW shorewall]# cat /proc/net/vlan/config
[-- omitted output]
default
nexthop via 89.96.153.137 dev eth1.89 weight 2
nexthop via 2.32.75.193 dev eth1.5 weight 1
/etc/shorewall/interfaces
#ZONE INTERFACE BROADCAST OPTIONS
- eth0 detect
net eth1.5
net eth1.89
vpn tun+
/etc/shorewall/providers
#NAME  NUMBER  MARK  DUPLICATE  INTERFACE  GATEWAY  OPTIONS        COPY
ISP1   1       1     main       eth1.89    2.2.2.2  track,balance  eth0
ISP2   2       2     main       eth1.5     1.1.1.1  track,balance  eth0
/etc/shorewall/masq
eth1.5 10.1.1.0/24 1.1.1.x
eth1.89 10.1.1.0/24 2.2.2.y
[root@FW shorewall]# shorewall show zones
Shorewall 4.5.4 Zones at FW - Tue Nov 10 15:13:29 CET 2015
fw (firewall)
loc (ipv4)
eth0:10.1.1.0/24
vpn (ipv4)
tun+:0.0.0.0/0
net (ipv4)
eth1.5:0.0.0.0/0
eth1.89:0.0.0.0/0
I used the rules file of another shorewall running with a single ISP, plus
I added a first rule to explicitly allow ping from LAN to internet.
ACCEPT loc net icmp
When I ping from LAN to internet, the firewall replies with "Destination host unreachable".
Any help would be appreciated.
Thanks in advance.
Federico Maccioni
------------------------------------------------------------------------------
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
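The post's configuration spreads the same facts over four places (providers, interfaces, masq and the kernel routing table), and a disagreement between any two of them is the usual reason LAN traffic towards an ISP ends in an ICMP unreachable from the firewall itself. The script below is an added example, not code from the original message or from the Shorewall project: it parses the three Shorewall column files in the layouts shown in the post plus an `ip route` dump, and reports provider interfaces with no nexthop, gateways that differ from the kernel route, interfaces not in the net zone, and ISP interfaces without a masq entry. The sample data is constructed from the post's files, with the fake 1.1.1.1 / 2.2.2.2 addresses used consistently instead of the mixed real/fake values in the message.

```python
# Added example: consistency check for a Shorewall multi-ISP configuration.
# Not from the original post or the Shorewall project. File layouts follow
# the post; all sample data below is constructed with the post's fake addresses.
import re


def parse_columns(text):
    """Split a Shorewall column file into rows, dropping comments and blank lines."""
    rows = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            rows.append(line.split())
    return rows


def parse_providers(text):
    """Rows: NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY."""
    providers = []
    for cols in parse_columns(text):
        if len(cols) < 6:
            raise ValueError(f"providers: row too short: {cols}")
        providers.append({
            "name": cols[0],
            "interface": cols[4],
            "gateway": cols[5],
            "options": set(cols[6].split(",")) if len(cols) > 6 else set(),
            "copy": cols[7] if len(cols) > 7 else "",
        })
    return providers


def parse_interfaces(text):
    """Rows: ZONE INTERFACE BROADCAST OPTIONS -> {interface: zone} ('-' = multi-zone)."""
    return {cols[1]: cols[0] for cols in parse_columns(text) if len(cols) >= 2}


def parse_masq(text):
    """Rows: INTERFACE SOURCE ADDRESS -> {interface: (source, snat_address_or_None)}."""
    return {cols[0]: (cols[1], cols[2] if len(cols) > 2 else None)
            for cols in parse_columns(text) if len(cols) >= 2}


def parse_nexthops(route_dump):
    """Map interface -> gateway from the default route of an `ip route` dump.
    Handles both a single 'default via GW dev IF' and multipath 'nexthop via GW dev IF' lines."""
    pairs = re.findall(r"(?:default via|nexthop via) (\S+) dev (\S+)", route_dump)
    return {dev: gw for gw, dev in pairs}


def run_check(providers_text, interfaces_text, masq_text, route_dump):
    """Return a list of human-readable inconsistencies; an empty list means all agree."""
    zones = parse_interfaces(interfaces_text)
    masq = parse_masq(masq_text)
    hops = parse_nexthops(route_dump)
    problems = []
    for p in parse_providers(providers_text):
        name, iface = p["name"], p["interface"]
        if iface not in zones:
            problems.append(f"{name}: {iface} is not declared in interfaces")
        elif zones[iface] != "net":
            problems.append(f"{name}: {iface} is in zone {zones[iface]}, expected net")
        if iface not in hops:
            problems.append(f"{name}: {iface} has no nexthop in the kernel default route")
        elif hops[iface] != p["gateway"]:
            problems.append(f"{name}: providers gateway {p['gateway']} but the kernel "
                            f"route uses {hops[iface]} on {iface}")
        if iface not in masq:
            problems.append(f"{name}: no masq entry for {iface}; LAN traffic leaving "
                            f"via this ISP is not source-NATed")
        if p["copy"] and p["copy"] not in zones:
            problems.append(f"{name}: COPY interface {p['copy']} is not declared in interfaces")
    return problems


# --- constructed sample data: the post's layout with fake addresses used throughout ---
INTERFACES = """#ZONE INTERFACE BROADCAST OPTIONS
- eth0 detect
net eth1.5
net eth1.89
vpn tun+
"""
PROVIDERS = """#NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY
ISP1 1 1 main eth1.89 2.2.2.2 track,balance eth0
ISP2 2 2 main eth1.5 1.1.1.1 track,balance eth0
"""
MASQ = """#INTERFACE SOURCE ADDRESS
eth1.5 10.1.1.0/24 1.1.1.10
eth1.89 10.1.1.0/24 2.2.2.10
"""
ROUTE_OK = """default
nexthop via 2.2.2.2 dev eth1.89 weight 2
nexthop via 1.1.1.1 dev eth1.5 weight 1
"""
# Constructed dump where only one ISP made it into the default route
# (link down, or the provider never came up): ISP2 traffic has nowhere to go.
ROUTE_MISSING = """default via 2.2.2.2 dev eth1.89
"""

if __name__ == "__main__":
    for label, dump in (("ok", ROUTE_OK), ("missing nexthop", ROUTE_MISSING)):
        print(f"[{label}]")
        for line in run_check(PROVIDERS, INTERFACES, MASQ, dump) or ["no inconsistencies found"]:
            print("  " + line)
```

On a live box the four inputs are `/etc/shorewall/providers`, `/etc/shorewall/interfaces`, `/etc/shorewall/masq` and the output of `ip route show`; feed them to `run_check` and fix whichever line it reports before looking at the rules file, since a correct ACCEPT rule cannot help when the provider's route or NAT entry is missing.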