On 9/15/10 10:01 PM, Lito Kusnadi wrote:
> Hi Tom,
> Thank you for your reply. Sorry for the text wrapping as I'm using web mail.
>
> I have attached the gz format of shorewall dump.
>
> To clarify the objective:
> I want to redirect traffic from dmz (eth2) to use AC3 (eth1) link and
> redirect traffic from loc (eth3) to use I2N (eth0) link.
>
> I've changed provider file as follows (tried with "track" only and
> "track,balance"):
> I2N 1 1 main eth0 203.18.30.3 track,balance eth3
> AC3 2 2 main eth1 203.202.13.1 track,balance eth2
Please put 'eth2,eth3' in both providers.

>
> Now the interesting problem:
>
> a. from host in loc zone, I can ping dmz and the net (with limitation).
>
> According to the provider file, all eth3 traffic must use eth0;

No -- The providers file NEVER determines where traffic is to go. What you
have done is made it so ONLY eth3 traffic can use eth0. The DUPLICATE and
COPY columns in the providers file only determine those routes that are
copied to the provider routing tables.

You want 'track,balance' on both providers.

In /etc/shorewall/route_rules:

    eth3    -    I2N    1000
    eth2    -    AC3    1000

Now, traffic arriving on eth3 will be routed to the I2N provider and
traffic arriving on eth2 will be routed to the AC3 provider. If either
provider is down (assuming that you have 'optional' on eth0 and eth1 in
your interfaces file), then all traffic will use the remaining provider.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
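
One way to check that the route_rules entries from the reply above took effect, as an added example that is not part of the original thread or of Shorewall itself. It assumes the two entries appear in `ip rule show` as `iif` rules pointing at tables named I2N and AC3; the sample output is constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: confirm which provider table each inbound interface is
# policy-routed to, by parsing `ip rule show` output.

# Constructed sample of `ip rule show` output (not taken from the thread).
SAMPLE_RULES='0: from all lookup local
1000: from all iif eth3 lookup I2N
1000: from all iif eth2 lookup AC3
32766: from all lookup main
32767: from all lookup default'

# rule_provider IFACE: read `ip rule show` text on stdin and print the table
# named by the first rule that matches traffic arriving on IFACE.
rule_provider() {
    awk -v ifc="$1" '
        {
            for (i = 1; i <= NF; i++) {
                if ($i == "iif" && $(i + 1) == ifc) {
                    for (j = i; j <= NF; j++)
                        if ($j == "lookup") { print $(j + 1); exit }
                }
            }
        }'
}

# check_mapping IFACE PROVIDER: succeed only if IFACE is routed to PROVIDER.
check_mapping() {
    got=$(printf '%s\n' "$RULES" | rule_provider "$1")
    if [ "$got" = "$2" ]; then
        echo "ok: $1 -> $2"
    else
        echo "MISMATCH: $1 -> ${got:-none} (expected $2)"
        return 1
    fi
}

# On the firewall itself, run with: RULES=$(ip rule show)
RULES=${RULES:-$SAMPLE_RULES}
check_mapping eth3 I2N   # loc traffic should leave via I2N
check_mapping eth2 AC3   # dmz traffic should leave via AC3
```

A MISMATCH line with "none" means no `iif` rule exists for that interface, so its traffic falls through to the balanced default route rather than being pinned to one provider.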