Why have you said that I need "balance"? I only need to "track" incoming connections so that they go out through the same incoming interface.
With "balance" ... What happens if one ISP is down?

I tried with Fedora Core 6 and the default kernel compilation, and I've got the same problem.

# uname -a
Linux fw.jfsecco.com.ar 2.6.18-1.2798.fc6 #1 SMP Mon Oct 16 14:54:20 EDT 2006 i686 athlon i386 GNU/Linux

I think the problem is that I use 2 ISPs and I try to reach a server in the DMZ (DNAT) through both ISPs.

----- Original Message -----
From: "Leandro" <[EMAIL PROTECTED]>
To: "Shorewall Users" <[email protected]>
Sent: Tuesday, March 20, 2007 8:32 AM
Subject: Re: [Shorewall-users] 2 ISP problem

> I don't want to balance outgoing traffic; I only want incoming traffic to go out by
> the same interface that it came in on.
>
> I've made my own kernel (based on the default kernel) because I need to compile
> specific RAID support.
>
> Regards.
>
> ----- Original Message -----
> From: "Jerry Vonau" <[EMAIL PROTECTED]>
> To: "Shorewall Users" <[email protected]>
> Sent: Monday, March 19, 2007 9:16 PM
> Subject: Re: [Shorewall-users] 2 ISP problem
>
> Leandro wrote:
>> I have 2 ISPs and I can't reach the web server in the DMZ by "ISP1".
>> It seems to be a routing problem because when I change the default gateway,
>> it works and then I can't reach it by "ISP2".
>> How can I resolve the problem?
>> (I think that Shorewall 3.2.9 doesn't need an extra rule/route by iproute2)
>
> Don't use "route", you can't view the multi-path gateways that might be
> present, use "ip route", to view the advanced routing tables.
>
> You need to have both gateways active, you're missing something...
>
>> /etc/shorewall/zones
>> fw firewall
>> lan ipv4
>> dmz ipv4
>> inet ipv4
>>
>> /etc/shorewall/interfaces
>> lan eth0 detect tcpflags
>> dmz eth1 detect tcpflags
>> inet eth2 detect tcpflags,blacklist,norfc1918,routefilter,nosmurfs
>> inet eth3 detect tcpflags,blacklist,norfc1918,routefilter,nosmurfs
>>
>> /etc/shorewall/route_rules
>> eth2 - ISP1 1000
>> eth3 - ISP2 1000
>
> Here it is...
>
>> /etc/shorewall/providers
>> ISP1 1 1 main eth2 200.41.28.225 track eth0,eth1
>> ISP2 2 2 main eth3 200.43.134.254 track eth0,eth1
>
> You need to use "balance" here, to set up the multi-path gateways.
> Try "track,balance"
>
>> /etc/shorewall/params
>> INET1_IP=200.41.28.229
>> INET2_IP=200.43.134.7
>> DMZ_SERVER1_IP=192.168.0.2
>>
>> /etc/shorewall/rules
>> DNAT inet:eth2 dmz:$DMZ_SERVER1_IP:80 tcp http - $INET1_IP
>> DNAT inet:eth3 dmz:$DMZ_SERVER1_IP:80 tcp http - $INET2_IP
>>
>> # uname -a
>> Linux fw 2.6.11-prep #1 Fri Jun 24 10:11:31 ART 2005 i686 athlon i386 GNU/Linux
>> # cat /etc/fedora-release
>> Fedora Core release 3 (Heidelberg)
>> # shorewall version
>> 3.2.9 (shorewall-3.2.9-4.noarch.rpm)
>
> You rolled your own kernel, hope you didn't miss anything that may be
> needed.
>
> Jerry
>
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
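
Added example, not part of the original thread and not Shorewall's generated ruleset: the behaviour asked about above (replies leave through the ISP the connection arrived on) written as generic Linux connection-mark policy routing. The helper name `track_plan` is hypothetical; it only prints the commands for provider entries in the layout quoted in the thread, assuming the NUMBER column is the routing table ID and the MARK column is the firewall mark.

```shell
#!/bin/sh
# Added illustration: print (do not run) generic netfilter/iproute2 commands
# that make replies leave via the ISP the request arrived on.
# Input lines use the providers layout quoted in the thread:
#   NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS [COPY]
# track_plan is a hypothetical helper name, not a Shorewall command.
track_plan() {
    # Copy any saved connection mark onto each packet before routing, so
    # replies from the DMZ server carry the mark of the ISP they came in on.
    echo "iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark"
    while read -r name number mark dup iface gateway options copy; do
        case "$name" in ''|'#'*) continue ;; esac
        case ",$options," in
            *,track,*) ;;
            *) echo "# $name: no 'track' option, skipped"; continue ;;
        esac
        # New connections arriving on this ISP's interface save its mark.
        echo "iptables -t mangle -A PREROUTING -i $iface -m conntrack --ctstate NEW -j CONNMARK --set-mark $mark"
        # Per-provider table whose default route is that ISP's gateway.
        echo "ip route add default via $gateway dev $iface table $number"
        # Packets carrying the mark consult the provider's table.
        echo "ip rule add fwmark $mark table $number"
    done
}

# Provider entries as posted in the thread (line wraps joined).
sample_providers() {
cat <<'EOF'
ISP1 1 1 main eth2 200.41.28.225 track eth0,eth1
ISP2 2 2 main eth3 200.43.134.254 track eth0,eth1
EOF
}

sample_providers | track_plan
```

On a live firewall, `ip rule show` and `ip route show table 1` (or `table 2`) display the corresponding rules and per-provider routes, which is the view the reply above recommends over plain `route`.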
