----- Original Message -----
From: "Mike Lander" <[EMAIL PROTECTED]>
To: "Shorewall Users" <[email protected]>
Sent: Thursday, August 30, 2007 1:39 PM
Subject: Re: [Shorewall-users] Multi-Isp Masqerade ?
:
: ----- Original Message -----
: From: "Mike Lander" <[EMAIL PROTECTED]>
: To: "Shorewall Users" <[email protected]>
: Sent: Thursday, August 30, 2007 1:32 PM
: Subject: Re: [Shorewall-users] Multi-Isp Masqerade ?
:
:
:: Mike Lander wrote:
:: > Mike Lander wrote:
:: >
:: >> : /etc/shorewall/masq
:: >> : eth0 10.194.79.181 66.224.62.120
:: >> : eth1 66.224.62.120 10.194.79.181
:: >> : eth0 eth1 66.224.62.120
:: >> : eth1 eth0 10.194.79.181
:: >
:: > The last two entries appear to me to be totally silly.
:: >
:: > Please stop and think a minute about what those entries are asking the
:: > firewall to do. The first one says that "any traffic from a host with a
:: > route out of eth1 that is being forwarded out of eth0 should have its source
:: > address rewritten to 66.224.62.120". Why would any traffic be taking that
:: > path at all? The second rule is similar...
:: >
:: > Am I missing something?
:: >
:: > -Tom
:: >
:: > Well, in the multi-ISP setup this is the convention
:: > to take with two ISPs, two NICs, FQip.
:: > That is why I am confused on how to masq
:: > from loc to the net with one NIC FQip 66.224.62.120
:: > and the other forwarding to the gw 10.194.79.254
:: > on the internal LAN. My thought about the LAN
:: > is not to masq at all, any ideas?
:: > But your answer sure makes me think about
:: > it more clearly.
::
:: If there is a local LAN here, which interface is it connected to? All you
:: have shown us is eth0 and eth1 which appear to go to the two providers.
:: Please don't tell me that 'the LAN' is also accessed through one of those
:: interfaces....
::
:: -Tom
:: --
:: Well, I thought I could access both T-1's in this config in my previous
:: post, the admin led me to believe.
:: But as it turns out both these ISPs (two full T-1's) are in separate
:: buildings and connected by one run of fiber. So Jerry seemed optimistic this
:: config would work as his does.
:: I have two NICs in a test environment with the same setup at my place.
::
:: eth0 66.224.62.120/27--gw 66.224.62.97
:: eth1 10.194.79.181- gw 10.194.79.254
:: I will send dump if you like.
::
:: Mike
::
:: Here is the dump
: Thanks
: Mike
::

Now I am thinking that does not make sense at all. My thought is the traffic
coming from the NATted gateway is already masqueraded; just masquerade the
eth1 to eth0 traffic, so maybe it's as simple as below:

/etc/shorewall masqerade
eth0 eth1

Does that make sense?

Mike
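
Tom's objection to the last two masq entries can be checked mechanically. The following is an added example, not part of the original thread and not Shorewall code: it parses the four rows quoted above (embedded as constructed sample input) and flags rows whose SOURCE is itself an interface that other rows masquerade out of. Treating every interface in the first column as provider-facing is an assumption of this sketch, and `parse_masq`, `describe` and `uplink_to_uplink` are hypothetical helper names.

```python
from typing import NamedTuple, Optional

# Constructed sample: the four masq rows quoted in the thread.
MASQ = """\
#INTERFACE  SOURCE          ADDRESS
eth0        10.194.79.181   66.224.62.120
eth1        66.224.62.120   10.194.79.181
eth0        eth1            66.224.62.120
eth1        eth0            10.194.79.181
"""

class MasqRow(NamedTuple):
    interface: str          # interface the traffic leaves through
    source: str             # address/subnet, or an interface name
    address: Optional[str]  # SNAT address; None means plain masquerade

def parse_masq(text: str) -> list:
    rows = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        cols = line.split()
        if len(cols) < 2:
            raise ValueError(f"masq row needs INTERFACE and SOURCE: {raw!r}")
        rows.append(MasqRow(cols[0], cols[1], cols[2] if len(cols) > 2 else None))
    return rows

def describe(row: MasqRow) -> str:
    """Spell a row out the way Tom reads it in the thread."""
    target = row.address or f"the address of {row.interface}"
    return (f"traffic from {row.source} forwarded out of {row.interface} "
            f"has its source address rewritten to {target}")

def uplink_to_uplink(rows: list) -> list:
    """Rows whose SOURCE is another outgoing interface from the same file.
    Assumption: every interface in column 1 faces a provider."""
    out_ifaces = {r.interface for r in rows}
    return [r for r in rows if r.source in out_ifaces and r.source != r.interface]

if __name__ == "__main__":
    rows = parse_masq(MASQ)
    for r in rows:
        flag = "CHECK" if r in uplink_to_uplink(rows) else "ok   "
        print(flag, describe(r))
```
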
