c.mo...@web.de wrote:

> Hello!
>  
> I need your support to define an appropriate configuration for the network 
> architecture I have documented in the attachment.
>  
> There are some things that make this network architecture "special":
> 1. 2 default gateways according to this howto 
> https://www.thomas-krenn.com/en/wiki/Two_Default_Gateways_on_One_System

That isn't two default gateways - it's routing rules to handle more than one 
gateway. There is a significant difference and the very suggestion of two 
default routes is an oxymoron!

> 2. Routed configuration on Proxmox VE server according to this howto 
> https://pve.proxmox.com/wiki/Network_Model#Routed_Configuration
> 3. Masquerading (NAT) on 2 NICS according to this howto 
> https://pve.proxmox.com/wiki/Network_Model#Masquerading_.28NAT.29
>  
> The definition of 2 default gateways ensures that any traffic on LAN 
> 192.168.178.0/24 will communicate via gateway 192.168.178.1, and any other 
> traffic on LAN 10.0.0.0/24 and DMZ 10.1.0.0/24 will communicate via gateway 
> 10.0.0.1 and 10.1.0.1 respectively.
>  
> This configuration is working based on the howto guides w/o firewall.
> The challenge is to add firewall functionality, but I don't know if I need to 
> revert back the modifications in /etc/network/interfaces or 
> /etc/iproute2/rt_tables.
>  
> The main question is:
> Who can support with the configuration of shorewall?
> How should /etc/shorewall/interfaces be defined?
> How many zones should be in /etc/shorewall/zones?
> Do I need to define multiple providers in /etc/shorewall/providers to enable 2 
> default gateways?

My suggestion ...
Start with http://shorewall.net/MultiISP.html
Don't do any routing/NAT/whatever setup outside of Shorewall - otherwise you'll 
just get conflicts. Just have the most basic network setup in the OS - i.e. 
configure the interfaces and a single default route only.

Then your providers file defines the providers (ISPs), your masq file defines 
the NAT rules, rtrules defines any non-default rules (specifically source 
routing to route one of your networks via the second provider), and the rest 
should be fairly automagic.



_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
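
The file split described in the reply above, sketched as an added example that is not part of the original message or the Shorewall project's own configuration. The attachment with the real topology is not shown, so the interface names (eth0, eth1), the provider names (UPLINK1, UPLINK2) and the mapping of the two gateways to those interfaces are assumptions; only the addresses come from the thread.

```conf
# /etc/shorewall/providers
# One line per upstream gateway. Shorewall builds a routing table per
# provider, replacing hand-made entries in /etc/iproute2/rt_tables.
# "track" makes replies to connections that arrived through a provider
# leave through the same provider. Which uplink carries otherwise
# unmatched traffic is set with further options (balance, fallback)
# described in MultiISP.html.
#NAME     NUMBER  MARK  DUPLICATE  INTERFACE  GATEWAY        OPTIONS
UPLINK1   1       1     -          eth0       192.168.178.1  track
UPLINK2   2       2     -          eth1       10.0.0.1       track

# /etc/shorewall/rtrules
# Source routing: everything originating in the DMZ network is sent
# out through the second provider.
#SOURCE        DEST  PROVIDER  PRIORITY
10.1.0.0/24    -     UPLINK2   1000

# /etc/shorewall/masq
# NAT lives here instead of iptables post-up lines in
# /etc/network/interfaces. The DMZ is masqueraded on the interface
# it is routed out of (assumed eth1).
#INTERFACE  SOURCE
eth1        10.1.0.0/24
```

With these three files in place, /etc/network/interfaces only needs the interface addresses and a single default route, as the reply recommends.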