Mike Lander wrote: > > PS So you can follow building reference > building 1 Full T-1 under my control with /29 non-routed > building 2 Full T-1 under Toyota's Control. natted with > a cisco router with lan ip10.5.198.238 > > Note: In my test environment the practice ip 10.194.79.254 > will emulate like 10.5.198.238 > > Tom, > I was just eating lunch and thought I should explain this better instead > of assuming you followed our post. I built these guys a shorewall box > in 2003 as you have seen. It has redhat 8 and shorewall 3.0.2. > and its been serving as a file server as well. When I checked this place > the admin thought the T-1's where in the same building as the old > shorewall box is now. The old box is accessing the 10.5.198.238 > gateway only for networks 63.90.860/24. > > PS old box is still at the location being used. > > Since the old shoreall box was built the natted gateway that > is out of my control has beenupgraded to a Full T-1 in building 2 > where currently there is no shorewall box. Just the Toyota Cisco. > I was going to use three nic box with two nics for Ips's > But the two buildings are connected with fiber on the > lan 10.5.198.0/24 So now a dual nic that Jerry has > working sounded attractive. > > I will put the old shorewall box in building 2 (after rebuild)_ > for a backup file server is what its primary purpose is. > > They have liked it so much, they want a bigger > better box built for redirecting mydocments on their Xp boxes to a > Samba share. So I built a Dell 2900 quad zeon 2gb ram to handle > being a domain controller for their network to knock out the > old shorewall box. > The natted T-1 is hardly being used they wish to load > balance to take advantage of the T-1's and maybe down the > road use as failover. I am not opposed to a better idea than > the two nics if you have an idea. Because in a simular situation > I asked you aways back I need customer wireless to a 2nd building > slaved with fiber on a lan and you suggested to vpn to the wireless > to seperateh the lan traffic from customer wireless router > and that worked great. Getting lengthy so hope this helps. >
Mike, Does http://www1.shorewall.net/images/Landers.png accurately reflect the network topology? If so, you want this masq entry; eth0 10.194.79.0/24 66.224.62.120 -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
