Some more details would be great, and it would be helpful to know whether you are starting from scratch or started to set it up on your own and are now stuck at a specific point.

Anyway, policy-based routing is what you are looking for. You are interested in having two tables, one with a default route to isp1 and another for isp2. Policy will recognize from which LAN you come and transfer your packets into the right table. Assuming that you need PPP to your providers, you can use a small script to recognize once your ispX went down and adjust your tables. This can be done with e.g. a ppp.up and ppp.down script.

Up to here there is nothing you have to do with Shorewall. It's only routing.

In Shorewall you must ensure that both networks are allowed to be masqueraded through isp1 and isp2. Zones talking to each other without restrictions is managed by policy. Define your zones, interfaces (or hosts if you have multiple zones per interface) and allow them with an ACCEPT statement in the policy file. Rules will help you to use your services, e.g. with DNAT.

Where you will run into trouble is a situation where you want to switch e.g. from a webserver in lan1 to a webserver in lan2. Since they have different IPs it will need some additional config.

Cheers
Mike

-----Original Message-----
From: Christ Schlacta [mailto:aarc...@gmail.com]
Sent: Saturday, 3 October 2009 21:36
To: Shorewall Users
Subject: [Shorewall-users] multi-isp, multi-lan.

okay, so here's what I've been called upon to do:

I have two ISPs and two separate LANs (we have a two-family household). Let's call them lan1 and lan2, and isp1 and isp2. I've been asked if I could configure a router such that..

all traffic from lan1 is sent through isp1 by default, and all traffic from lan2 is sent through isp2.

additionally, each LAN may have services (http, sftp, ssh, etc.)

both lan1 and lan2 will be using site-local IP addresses (192.168 and 10).

lan1 and lan2 should be able to communicate with each other without complaint.

if isp1 goes down, lan1 should be able to access the internet via isp2 only until isp1 returns, and vice versa.
(This should NOT apply to the dedicated bit-torrent downloader, which should simply lose connection if its ISP goes down.)

(also, this rule shouldn't force existing connections from lan1 to drop from isp2 when isp1 returns, it should allow them to finish whatever they're doing (ssh sessions, long downloads, etc.))

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
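
The two-table policy routing and the up/down failover script described in the reply above, sketched as an added example that is not part of either message. The subnets, the interface names ppp0/ppp1, the table numbers 101 to 103 and the torrent host address are all assumptions; by default the script only prints the `ip` commands it would run.

```shell
#!/bin/sh
# Added example; every address, interface and table number is an assumption.
LAN1=192.168.1.0/24 LAN2=10.0.0.0/24   # assumed site-local subnets
ISP1=ppp0 ISP2=ppp1                    # assumed PPP uplink interfaces
T1=101 T2=102 TBT=103                  # assumed routing table numbers
BT_HOST=192.168.1.50                   # hypothetical torrent box on lan1/isp1
RUN=${RUN-echo}                        # prints commands; run with RUN= to apply

# True if the interface currently exists (pppd removes it on hangup).
link_present() { [ -e "/sys/class/net/$1" ]; }

# One-time setup: choose a routing table by destination, then by source.
pbr_rules() {
    # lan1 <-> lan2 stays on the main table and never leaves via an ISP.
    $RUN ip rule add to "$LAN1" lookup main priority 900
    $RUN ip rule add to "$LAN2" lookup main priority 910
    # The torrent host is matched before its LAN, so it gets no failover.
    $RUN ip rule add from "$BT_HOST" lookup "$TBT" priority 1000
    $RUN ip rule add from "$LAN1" lookup "$T1" priority 1010
    $RUN ip rule add from "$LAN2" lookup "$T2" priority 1020
}

# Called from the PPP up/down hooks as: pbr_link up|down <iface>
pbr_link() {
    case "$2" in
        "$ISP1") own=$T1 other=$T2 peer=$ISP2 ;;
        "$ISP2") own=$T2 other=$T1 peer=$ISP1 ;;
        *) echo "unknown uplink: $2" >&2; return 1 ;;
    esac
    if [ "$1" = up ]; then
        $RUN ip route replace default dev "$2" table "$own"
        # If the peer uplink is down, its LAN fails over to this link.
        link_present "$peer" || $RUN ip route replace default dev "$2" table "$other"
        [ "$2" = "$ISP1" ] && $RUN ip route replace default dev "$2" table "$TBT"
    else
        # Fail this LAN over to the peer uplink, if that one is alive.
        link_present "$peer" && $RUN ip route replace default dev "$peer" table "$own"
        # Torrent host: hard-fail instead of falling through to another table.
        [ "$2" = "$ISP1" ] && $RUN ip route replace unreachable default table "$TBT"
    fi
    return 0
}

# Stand-alone use: "rules" once at boot, "up|down <iface>" from the hooks.
case "${1-}" in
    rules) pbr_rules ;;
    up|down) pbr_link "$1" "${2-}" ;;
esac
```

This only switches the default routes. Keeping established connections on the old uplink after the preferred one returns, as the original question asks, needs additional connection marking that is not shown here.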