Mike Lander wrote: > Mike Lander wrote: > >> : /etc/shorewall/masq >> : eth0 10.194.79.181 66.224.62.120 >> : eth1 66.224.62.120 10.194.79.181 >> : eth0 eth1 66.224.62.120 >> : eth1 eth0 10.194.79.181 > > The last two entries appear to me to be totally silly. > > Please stop and think a minute about what those entries are asking the > firewall to do. The first one says that "any traffic from a host with a > route out of eth1 that is being forwarded out of eth0 should have its > source > address rewritten to 66.224.62.120". Why would any traffic be taking that > path at all? The second rule is similar... > > Am I missing something? > > -Tom > > Well in the mulit-Isp setup this is the convention > to take with two isp two nics FQip > That is why I am confused on how to masq > from loc to the net with one nic FQip 66.224.62.120 > and the other fowarding to the gw 10.194.79.254 > on the internal lan. My thought about the lan > is not to masq at all, any ideas? > But you answer sure make me think about > it more clear.
If there is a local LAN here, which interface is it connected to? All you have shown us is eth0 and eth1 which appear to go to the two providers. Please don't tell me that 'the LAN' is also accessed through one of those interfaces.... -Tom -- Well I thought I could access both T-1's in this config in my previous post, the admin led me to believe. But as it turns out both these ISP's (two full T-1's are in seperate buildings) and connected by one run of Fiber. So Jerry seemed optimistic this config would work as his does. I have two nics in a test enviroment with the same setup at my place. eth0 66.224.62.120/27--gw 66.224.62.97 eth1 10.194.79.181- gw 10.194.79.254 I will send dump if you like. Mike ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
