On Fri, 2014-08-08 at 16:41 -0300, Marcelo Roccasalva wrote:
> Hello,
>
> I have an autonomous system: two providers, two routers, two class C
> IP address ranges but one interface on the firewall. On failure of one
> router/provider, both IP ranges would be served by the other one via a
> virtual IP. I may have two interfaces if needed...
>
> I need to protect a LAN, a DMZ, some point to point links and a few
> ssl tunnels. I've read the multiple internet connections document with
> little success, as my source NAT outgoing traffic sometimes gets set
> wrong source IP.
>
> Can you point me to some clarifying docs?

I don't believe that there is a document currently that covers the case
where different firewall addresses are used for the two providers. I
suspect that what you need are:
- Use the 'Alternative Balancing' method if you need to balance between
  the two providers.
- Include rules such as these in /etc/shorewall/masq:

    ethN 0.0.0.0/0 <addressp1> { mark=<p1mark> }
    ethN 0.0.0.0/0 <addressp2> { mark=<p2mark> }

  Where:

    ethN is the Internet-facing interface
    <addressp1> is the first provider's firewall address
    <addressp2> is the second provider's firewall address
    <p1mark> is the first provider's mark value
    <p2mark> is the second provider's mark value

HTH,
-Tom
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
