c.mo...@web.de wrote:
> Hello!
>
> I need your support to define an appropriate configuration for the network
> architecture I have documented in the attachment.
>
> There are some things that make this network architecture "special":
> 1. 2 default gateways according to this howto
> https://www.thomas-krenn.com/en/wiki/Two_Default_Gateways_on_One_System

That isn't two default gateways - it's routing rules to handle more than one gateway. There is a significant difference and the very suggestion of two default routes is an oxymoron!

> 2. Routed configuration on Proxmox VE server according to this howto
> https://pve.proxmox.com/wiki/Network_Model#Routed_Configuration
> 3. Masquerading (NAT) on 2 NICS according to this howto
> https://pve.proxmox.com/wiki/Network_Model#Masquerading_.28NAT.29
>
> The definition of 2 default gateways ensures that any traffic on LAN
> 192.168.178.0/24 will communicate via gateway 192.168.178.1, and any other
> traffic on LAN 10.0.0.0/24 and DMZ 10.1.0.0/24 will communicate via gateway
> 10.0.0.1 and 10.1.0.1 respectively.
>
> This configuration is working based on the howto guides w/o firewall.
> The challenge is to add firewall functionality, but I don't know if I need to
> revert back the modifications in /etc/network/interfaces or
> /etc/iproute2/rt_tables.
>
> The main question is:
> Who can support with the configuration of shorewall?
> How should /etc/shorewall/interfaces be defined?
> How many zones should be in /etc/shorewall/zones?
> Do I need to define multiple providers in /etc/shorewall/provides to enable 2
> default gateways?

My suggestion ...

Start with http://shorewall.net/MultiISP.html

Don't do any routing/NAT/whatever setup outside of Shorewall - otherwise you'll just get conflicts. Just have the most basic network setup in the OS - ie configure the interfaces and a single default route only.

Then your providers file defines the providers (ISPs), your masq file defines the NAT rules, rtrules defines any non-default rules (specifically source routing to route one of your networks via the second provider), and the rest should be fairly automagic.
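Added example, not part of the original thread: a small audit that finds the routing and NAT setup living outside Shorewall, which the reply above says to remove before moving it into the providers, rtrules and masq files. The sample file contents, host addresses, interface names and the table name `rt2` are constructed for illustration, and the function names are hypothetical.

```python
import re

# Constructed sample, not the poster's files: .10 hosts, eth0/eth1 and table "rt2" are assumed.
SAMPLE_INTERFACES = """\
auto eth0
iface eth0 inet static
    address 192.168.178.10/24
    gateway 192.168.178.1
auto eth1
iface eth1 inet static
    address 10.0.0.10/24
    post-up ip route add default via 10.0.0.1 dev eth1 table rt2
    post-up ip rule add from 10.0.0.10/32 table rt2
    post-up iptables -t nat -A POSTROUTING -s '10.1.0.0/24' -o eth1 -j MASQUERADE
"""
SAMPLE_RT_TABLES = "255 local\n254 main\n253 default\n0 unspec\n1 rt2\n"

STOCK_TABLES = {"local", "main", "default", "unspec"}  # entries in a stock rt_tables
IFACE = re.compile(r"^\s*iface\s+\S+\s+(\S+)")          # captures the address family
GATEWAY = re.compile(r"^\s*gateway\s+(\S+)")
HOOK = re.compile(r"^\s*(?:pre-|post-)?(?:up|down)\s+(.*)$")
OUT_OF_BAND = re.compile(r"\bip\s+(?:-\S+\s+)*(?:rule|route)\b|\biptables\b.*-t\s+nat\b")


def audit_interfaces(text):
    """Return (line_no, message) for ip rule/route or NAT hooks and extra default gateways."""
    findings, family, seen = [], None, set()
    for n, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        if (m := IFACE.match(line)):
            family = m.group(1)
        if (m := GATEWAY.match(line)):
            if family in seen:  # a second gateway for the same address family
                findings.append((n, f"extra {family} default gateway {m.group(1)}"))
            seen.add(family)
        if (m := HOOK.match(line)) and OUT_OF_BAND.search(m.group(1)):
            findings.append((n, "routing/NAT hook: " + m.group(1).strip()))
    return findings


def audit_rt_tables(text):
    """Return table names that are not part of a stock /etc/iproute2/rt_tables."""
    names = (l.split("#", 1)[0].split() for l in text.splitlines())
    return [f[1] for f in names if len(f) >= 2 and f[1] not in STOCK_TABLES]


if __name__ == "__main__":
    print(audit_interfaces(SAMPLE_INTERFACES), audit_rt_tables(SAMPLE_RT_TABLES), sep="\n")
```

An empty result from both functions means the OS carries only interface addresses and one default route per address family, the starting point the reply recommends.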