Jeff Gregor wrote:
> I want to redirect clients on my local network to the local time server,
> so that they aren't making calls out to a public server on the internet
> (it's a satellite link, bandwidth is a real problem and every little bit
> I can save helps...)
>
> My firewall box has three interfaces:
> eth0 (WAN/Internet) -- connected to satellite modem
> eth1 (LAN, my office clients) -- IP 192.168.1.1, serves clients on
> 192.168.1.0/24
> eth2 (PUB, public clients) -- IP 192.168.2.1, serves clients on
> 192.168.2.0/24
>
> NTP is running on the firewall, listening on eth1 and eth2.
>
> What I want to do is each time a client on LAN or PUB tries to connect
> to an external time server, I want to redirect it back to the
> appropriate interface (ie, 192.168.1.1 or 192.168.2.1).

I agree with Christ Sclacta -- just use NTP/REDIRECT.

>
> In MASQ:
> --------------------------------------------------------------------
> #INTERFACE SOURCE ADDRESS PROTO PORT(S)
> IPSEC MARK
> eth0 eth1
> eth0 eth2
> eth1 192.168.1.0/24!192.168.1.1 udp 123
> eth2 192.168.2.0/24!192.168.2.1 udp 123

The last two entries are totally invalid and are the cause of your
problem (Hint -- you omitted the ADDRESS column).

> --------------------------------------------------------------------
>
> And in RULES:
>
> "shorewall check" reports no errors.

When using Shorewall-shell, the "check" command is nearly worthless. That
is one of the reasons (among many) that I wrote Shorewall-perl and why I
urge you to migrate to Shorewall-perl at your first opportunity.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
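
Added example (not part of the original thread and not Shorewall code): a small lint for the column shift pointed out in the reply above, where a skipped ADDRESS column puts the protocol name in ADDRESS and the port in PROTO. It assumes whitespace-separated columns in the order of the quoted header line and that `-` marks an intentionally empty column; the function name `lint_masq` is hypothetical.

```python
# Column order taken from the header line quoted in the message.
COLUMNS = ["INTERFACE", "SOURCE", "ADDRESS", "PROTO", "PORT(S)", "IPSEC", "MARK"]

# Assumption: these tokens are protocol names and never valid ADDRESS values.
PROTO_NAMES = {"tcp", "udp", "icmp", "all"}


def lint_masq(text):
    """Return (line_number, message) for entries whose ADDRESS column holds
    a protocol name, the signature of a skipped ADDRESS column."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and the header
        if not line:
            continue
        fields = dict(zip(COLUMNS, line.split()))
        address = fields.get("ADDRESS")
        # Assumption: "-" is the placeholder for an empty column.
        if address is None or address == "-":
            continue
        if address.lower() in PROTO_NAMES:
            msg = f"ADDRESS column contains protocol '{address}'"
            proto = fields.get("PROTO", "")
            if proto.isdigit():
                msg += f"; PROTO column contains what looks like port {proto}"
            findings.append((lineno, msg))
    return findings


# The masq entries as posted in the message.
SAMPLE = """\
#INTERFACE SOURCE ADDRESS PROTO PORT(S) IPSEC MARK
eth0 eth1
eth0 eth2
eth1 192.168.1.0/24!192.168.1.1 udp 123
eth2 192.168.2.0/24!192.168.2.1 udp 123
"""

if __name__ == "__main__":
    for lineno, message in lint_masq(SAMPLE):
        print(f"masq line {lineno}: {message}")
```

The lint only detects the shifted columns; it does not check whether an entry does what was intended.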
