Hi, I'm running a shorewall box with balancing over three ISPs and have two data transfers to customers via ftps. All went fine, but suddenly the ftp jobs didn't work any more. I discovered that sometimes the ftps control session left the firewall on ISP 1 and the data session on ISP 2. So the ftps server didn't accept the data session, because it originated from another IP than the control session (all traffic is masqueraded with the corresponding external addresses of the firewall).
Unfortunately the initial port and the data port ranges aren't the same. I have the following rules:

    ACCEPT dmz9  <customer1> tcp 22
    ACCEPT dmz9  <customer1> tcp 5000:10000
    ACCEPT dmz12 <customer2> tcp 990
    ACCEPT dmz12 <customer2> tcp 45000:49999

Is there a "shorewall way" to solve this problem? In the meantime I pin the route to the ftps servers to one ISP on the network level (ip route add -host.....). But perhaps there is a better solution for this. In case the used ISP is down, I would have to manually switch the routes now.

Thank you for any hint,
Christian

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
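The failure described in the post, modelled as an added example (not Shorewall code and not the poster's configuration): a masquerading multi-ISP box that picks the provider per connection can send the FTPS control session (tcp/990) and its passive data session (tcp/45000-49999) out through different ISPs, so the server sees two source addresses and rejects the data connection. Choosing the provider from the destination host instead keeps both sessions on one external address, which is what the static host route in the post achieves at the routing layer. The ISP addresses, the customer address, the internal host and the hash-based balancing are all constructed assumptions.

```python
"""Constructed model of per-flow vs per-destination ISP selection for FTPS.

Added illustration, not Shorewall code. Two provider choosers are compared:
  * per-flow balancing: provider chosen from the whole connection 4-tuple,
    so control and data sessions can leave via different ISPs;
  * per-destination selection: provider chosen from the destination host
    only, so every session to that server shares one egress address.
All addresses, ports and the hashing scheme are constructed sample values.
"""
import hashlib
from dataclasses import dataclass
from typing import Callable, Optional

# External (masquerade) address of each ISP link; constructed sample values.
ISPS = {1: "203.0.113.10", 2: "198.51.100.10", 3: "192.0.2.10"}

CUSTOMER2 = "198.51.100.200"   # constructed stand-in for <customer2>
CONTROL_PORT = 990
DATA_PORTS = range(45000, 50000)


@dataclass(frozen=True)
class Flow:
    src: str     # internal host (pre-NAT source address)
    dst: str     # FTPS server
    sport: int
    dport: int


def _stable_hash(*parts: object) -> int:
    """Deterministic hash so runs are reproducible (Python's hash() is salted)."""
    data = "|".join(str(p) for p in parts).encode()
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")


def pick_isp_per_flow(flow: Flow) -> int:
    """Balance over all ISPs using the full 4-tuple: the behaviour that breaks FTPS."""
    return 1 + _stable_hash(flow.src, flow.dst, flow.sport, flow.dport) % len(ISPS)


def pick_isp_per_destination(flow: Flow) -> int:
    """Pin the ISP to the destination host: all sessions to one server share an egress."""
    return 1 + _stable_hash(flow.dst) % len(ISPS)


def egress_address(flow: Flow, chooser: Callable[[Flow], int]) -> str:
    """Source address the server sees after masquerading on the chosen ISP."""
    return ISPS[chooser(flow)]


def server_accepts_data(control: Flow, data: Flow,
                        chooser: Callable[[Flow], int]) -> bool:
    """The FTPS server's check from the post: the data connection must come
    from the same address as the control connection."""
    return egress_address(control, chooser) == egress_address(data, chooser)


def first_split_data_port(chooser: Callable[[Flow], int],
                          src: str = "10.9.0.5",
                          dst: str = CUSTOMER2) -> Optional[int]:
    """Return the first passive data port whose session would leave through a
    different ISP than the control session, or None if every port stays put."""
    control = Flow(src, dst, 50123, CONTROL_PORT)
    for port in DATA_PORTS:
        data = Flow(src, dst, 50124, port)
        if not server_accepts_data(control, data, chooser):
            return port
    return None


if __name__ == "__main__":
    for name, chooser in (("per-flow", pick_isp_per_flow),
                          ("per-destination", pick_isp_per_destination)):
        port = first_split_data_port(chooser)
        if port is None:
            print(f"{name}: every data session shares the control session's egress")
        else:
            print(f"{name}: data port {port} would leave via a different ISP")
```

Running the script shows the per-flow chooser producing at least one data port that egresses through another ISP than the control session, while the per-destination chooser never does; the operational consequence is that any balancing scheme must key on the server address (or a mark shared by both port ranges), not on the individual connection, for protocols like FTPS that tie separate TCP sessions together.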
