Andrew Suffield wrote: > On Thu, Nov 08, 2007 at 12:47:23AM -0500, Jerry Vonau wrote: >> Use the "ORIGINAL DEST" column with your dnat rule in the rules file, >> with the ip from the provider that you wish to use as the "ORIGINAL DEST" > > I would actually be inclined to put the two ISPs interfaces into > different subzones of 'net'. The rules should be neater. >
One can also place "net:ethX" in the SOURCE column to limit the rule to connections entering the firewall on interface 'ethX'. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
