Kenneth Gonsalves wrote: > On 14-Jul-07, at 7:59 PM, Tom Eastep wrote: > >>> balancing works perfectly for http - but not for smtp etc >>> >> http is being proxied so it all outgoing connections are from the >> firewall. >> One potential problem in your configuration is that you are not >> masquerading >> the local network (192.168.2.0/24) out of eth3. So no local traffic >> can work >> through eth3. > > I did that and everything is fine. Now I have to add a third isp - > what will the masq file look like then? >
For each of N firewall external addresses, you need to consider what happens if a connection with that address as SOURCE is sent out of each of M external interfaces. And for each of L local LANs, you need to consider traffic that originates on that LAN and that is sent out of each of the M external interfaces. Follow the above advice and it will work for N external addresses on M external interfaces with L internal LANs for all values of L, M and N. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
