Thanks Prasanna.

I'm having some weird problems with encrypted traffic that I'm trying to troubleshoot. I do have the interface aliases all set up and working.

I actually set up an alternate to test by assigning an additional private IP to the internal host and separating the NATS for each interface, but it didn't help.

#EXTERNAL       INTERFACE       INTERNAL        ALL             LOCAL
#                                               INTERFACES
<ISP1 IP>       eth1:2          10.0.1.11       no              no
<ISP2 IP>       eth2:2          10.0.1.12       no              no


The troubleshooting continues.

Thank you very much for the feedback though. I couldn't find anything in the Shorewall docs as to whether what I was doing was "legal" or not (not to say it might not be there), but you at least told me I wasn't stupid. (And I still owe you and the wiki documentation on my current setup, but I'm not so sure I've worked out the kinks yet).

Keith Mitchell
CTO
Productivity Associates, Inc.

Prasanna Krishnamoorthy wrote:
On Tue, Aug 12, 2008 at 5:13 AM, Keith Mitchell <[EMAIL PROTECTED]> wrote:

    Is this legal?

    In a multi-ISP setup, is it "legal" to set up an internal host in the
    shorewall/nat file with the same IP and two different external IPs?

It should work (not used it myself)

Now depending on your default route (or policy route), the interface is chosen. Remember iptables does not choose the interface. Once the interface is chosen, then the IP is set according to masq/nat - this is for outgoing packets. For incoming packets, anything coming in on that virtual interface should just be DNAT'ed and sent to the local IP. With "mark" in place it should be just like a normal multi-ISP setup.

Note that this line will add an aliased interface to each interface that you have, unless you are specifying ADD_IP_ALIASES="no" <http://shorewall.net/manpages/shorewall.conf.html>. Since you seem to have an alias already, you may want to check that.

Prasanna.
--
Want to manage multiple office networks?
Want to securely connect all your locations?
Want to do it in a budget?
www.elinanetworks.com <http://www.elinanetworks.com>

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users