On Fri, 2007-02-09 at 20:09 -0600, Jerry Vonau wrote:
> Brian J. Murrell wrote:
> > 
> > Chain ppp0_masq (1 references)
> > ...
> >     0     0 SNAT       all  --  *      *       72.38.184.236        0.0.0.0/0           policy match dir out pol none to:66.11.173.224
> > 
> > Chain eth1_masq (1 references)
> > ...
> >     7   668 SNAT       all  --  *      *       66.11.173.224        0.0.0.0/0           policy match dir out pol none to:72.38.184.236
> > 
> > where eth1==72.38.184.236 and ppp0==66.11.173.224.
> > 
> > b.
> > 
> 
> I guess you missed this part from the Multi-ISP page:
> ------
> Regardless of whether you have masqueraded hosts or not, YOU MUST ADD
> THESE TWO ENTRIES TO /etc/shorewall/masq:
> 
> #INTERFACE       SUBNET            ADDRESS
> eth0             130.252.99.27     206.124.146.176
> eth1             206.124.146.176   130.252.99.27

No I didn't:

#INTERFACE              SUBNET          ADDRESS         PROTO   PORT(S) IPSEC
...
eth1                    66.11.173.224   $ETH1_IP
ppp0                    $ETH1_IP        66.11.173.224

> Those entries ensure that traffic originating on the firewall always has
> the source IP address corresponding to the interface that it is routed
> out of.

Right.  Which AFAIK translates into the two rules in the two chains I
pasted in my last e-mail (and are above).

> You should have these entries in there also:
> 
> eth1          66.11.173.224           72.38.184.236
> ppp0          72.38.184.236           66.11.173.224

Yup, see above, given a params entry of:

ETH1_IP=$(find_first_interface_address eth1)

b.

-- 
My other computer is your Microsoft Windows server.

Brian J. Murrell
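
The cross-SNAT requirement discussed in this message can be checked mechanically. The following is an added example, not part of the original e-mail or of Shorewall itself; the function names and the static `PARAMS` value (standing in for the run-time lookup of `ETH1_IP`) are assumptions made for illustration.

```python
import re

# Addresses as stated in the thread: eth1 is 72.38.184.236, ppp0 is 66.11.173.224.
PROVIDERS = {"eth1": "72.38.184.236", "ppp0": "66.11.173.224"}
# Assumption: a static stand-in for the params entry that resolves ETH1_IP.
PARAMS = {"ETH1_IP": PROVIDERS["eth1"]}

# The masq entries as posted in the message.
POSTED_MASQ = """\
#INTERFACE              SUBNET          ADDRESS         PROTO   PORT(S) IPSEC
...
eth1                    66.11.173.224   $ETH1_IP
ppp0                    $ETH1_IP        66.11.173.224
"""

# Constructed counter-example: the interface column is swapped.
SWAPPED_MASQ = """\
eth1    72.38.184.236   66.11.173.224
ppp0    66.11.173.224   72.38.184.236
"""

def parse_masq(text, params=None):
    """Return (interface, source, address) triples from masq-file text.
    Comments and '...' elisions are skipped; $VAR is expanded from params."""
    params = params or {}
    expand = lambda m: params.get(m.group(1), m.group(0))
    rows = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line == "...":
            continue
        fields = [re.sub(r"\$\{?(\w+)\}?", expand, f) for f in line.split()]
        if len(fields) >= 3:
            rows.append(tuple(fields[:3]))
    return rows

def missing_cross_snat(rows, providers):
    """For each provider interface, traffic carrying the *other* provider's
    address must be SNATed to this interface's own address.
    Returns the required (interface, source, address) triples not present."""
    have = set(rows)
    return [(out, other_ip, out_ip)
            for out, out_ip in providers.items()
            for other, other_ip in providers.items()
            if other != out and (out, other_ip, out_ip) not in have]

if __name__ == "__main__":
    print(missing_cross_snat(parse_masq(POSTED_MASQ, PARAMS), PROVIDERS))
    print(missing_cross_snat(parse_masq(SWAPPED_MASQ), PROVIDERS))
```

An empty list means every provider interface has the entry that rewrites the other provider's address to its own.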
