Brian J. Murrell wrote:
> On Fri, 2007-02-09 at 19:38 -0600, Jerry Vonau wrote:
>> Just wondering how you have your masq file set up, I hope you're using the
>> SNAT column in there.
>
> Yeah, I wondered if it could be that "make sure the packet has the right
> source address for the interface it's leaving on" masquing going on too,
> but no, it seems right:
>
> Chain ppp0_masq (1 references)
> ...
> 0 0 SNAT all -- * * 72.38.184.236 0.0.0.0/0
> policy match dir out pol none to:66.11.173.224
>
> Chain eth1_masq (1 references)
> ...
> 7 668 SNAT all -- * * 66.11.173.224 0.0.0.0/0
> policy match dir out pol none to:72.38.184.236
>
> where eth1==72.38.184.236 and ppp0==66.11.173.224.
>
> b.
>
I guess you missed this part from the Multi-ISP page:

------
Regardless of whether you have masqueraded hosts or not, YOU MUST ADD
THESE TWO ENTRIES TO /etc/shorewall/masq:

#INTERFACE SUBNET ADDRESS
eth0 130.252.99.27 206.124.146.176
eth1 206.124.146.176 130.252.99.27

Those entries ensure that traffic originating on the firewall always has
the source IP address corresponding to the interface that it is routed
out of.
-----

You should have these entries in there also:

eth1 66.11.173.224 72.38.184.236
ppp0 72.38.184.236 66.11.173.224

Jerry

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
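
An added example, not part of the thread or of Shorewall itself: a Python check that derives the cross-provider masq entries described above and reports which of them have no matching SNAT rule in an `iptables -t nat -L -n -v` listing. The function names are hypothetical, the sample listing is reconstructed from the one quoted in the thread, and extending the two-entry rule to more than two provider interfaces is an assumption.

```python
import re

# Constructed sample: the nat-table chains quoted in the thread, with the
# rule lines wrapped the way the e-mail wrapped them.
LISTING = """\
Chain ppp0_masq (1 references)
    0     0 SNAT  all  --  *  *  72.38.184.236  0.0.0.0/0
          policy match dir out pol none to:66.11.173.224

Chain eth1_masq (1 references)
    7   668 SNAT  all  --  *  *  66.11.173.224  0.0.0.0/0
          policy match dir out pol none to:72.38.184.236
"""

CHAIN = re.compile(r"^Chain (\S+)_masq\b", re.M)
# in, out, source, destination follow "--"; the match options may wrap
# onto the next line. Assumes every SNAT rule carries a "to:" target.
RULE = re.compile(r"SNAT\s+all\s+--\s+\S+\s+\S+\s+(\S+)\s+\S+.*?to:(\S+)", re.S)

def expected_masq(addrs):
    """addrs maps interface -> its own address. Each interface needs one
    entry per *other* provider address: (interface, source, snat_to)."""
    return {(iface, other_ip, ip)
            for iface, ip in addrs.items()
            for other, other_ip in addrs.items() if other != iface}

def snat_rules(listing):
    """Collect (interface, source, snat_to) from the <iface>_masq chains."""
    parts = CHAIN.split(listing)  # [preamble, name, body, name, body, ...]
    return {(iface, src, to)
            for iface, body in zip(parts[1::2], parts[2::2])
            for src, to in RULE.findall(body)}

def missing_entries(addrs, listing):
    """Entries the Multi-ISP rule requires that the listing does not show."""
    return sorted(expected_masq(addrs) - snat_rules(listing))

def masq_line(entry):
    """Render an entry in /etc/shorewall/masq column order."""
    return "{:<10} {:<16} {}".format(*entry)

if __name__ == "__main__":
    addrs = {"eth1": "72.38.184.236", "ppp0": "66.11.173.224"}
    for entry in missing_entries(addrs, LISTING):
        print("missing:", masq_line(entry))
```
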
