Re: [Shorewall-users] Two ISPs setup: sometimes wrong source IP on one Interface

2013-11-13 Thread Axel Zöllich
> You will need to purge the wrong conntrack entries before it will work > correctly. Thank you, looks very well now. But I don't really understand my configurations gaps. Every used local network was SNATed and this isn't enough? > > (by the way: is it packet or package?) > > In the US, it is

Re: [Shorewall-users] Two ISPs setup: sometimes wrong source IP on one Interface

2013-11-13 Thread Tom Eastep
On 11/13/2013 3:47 AM, Axel Zöllich wrote: >> It's not. Why don't you simply have this? >> >> ppp0 0.0.0.0/0 bbb.142.152.192 >> eth4 0.0.0.0/0 .117.77.218 >> >> That way, any packet leaving either interface will always have the >> proper source IP. > > I changed my configuration to

Re: [Shorewall-users] Two ISPs setup: sometimes wrong source IP on one Interface

2013-11-13 Thread Axel Zöllich
> It's not. Why don't you simply have this? > > ppp0 0.0.0.0/0 bbb.142.152.192 > eth4 0.0.0.0/0 .117.77.218 > > That way, any packet leaving either interface will always have the > proper source IP. I changed my configuration to: masq: ppp00.0.0.0/0 bbb.152.162

Re: [Shorewall-users] Two ISPs setup: sometimes wrong source IP on one Interface

2013-11-12 Thread Tom Eastep
On 11/12/2013 3:25 PM, Axel Zöllich wrote: >>> I forgot to say that this is only the case for packages originating from >>> the firewall itself. SNATed packages from the local network are handled >>> correctly. >> Look carefully at http://www.shorewall.org/MultiISP.html#idp1955662608. >> You are mi

Re: [Shorewall-users] Two ISPs setup: sometimes wrong source IP on one Interface

2013-11-12 Thread Axel Zöllich
> > I forgot to say that this is only the case for packages originating from > > the firewall itself. SNATed packages from the local network are handled > > correctly. > Look carefully at http://www.shorewall.org/MultiISP.html#idp1955662608. > You are missing two entries. As i've got no public sub

Re: [Shorewall-users] Two ISPs setup: sometimes wrong source IP on one Interface

2013-11-12 Thread Tom Eastep
On 11/12/2013 2:34 PM, Axel Zöllich wrote: > I forgot to say that this is only the case for packages originating from the > firewall itself. SNATed packages from the local network are handled correctly. Look carefully at http://www.shorewall.org/MultiISP.html#idp1955662608. You are missing two en

Re: [Shorewall-users] Two ISPs setup: sometimes wrong source IP on one Interface

2013-11-12 Thread Axel Zöllich
I forgot to say that this is only the case for packages originating from the firewall itself. SNATed packages from the local network are handled correctly. Axel -- Wir verwenden ausschließlich blaue Elektronen aus biologischem Anbau.

[Shorewall-users] Two ISPs setup: sometimes wrong source IP on one Interface

2013-11-12 Thread Axel Zöllich
Hi, in my two ISPs Setup every package except that for aaa.117.77.217 should be routed via the ppp0 (tcom) interface. provider: tcom1 0x100 - ppp0- balance=2 - netco 2 0x200 - eth4aaa.117.77.217 bala