In OFFICE 1 I have a firewall on public IPs 1.2.3.4 and 1.2.3.5, which is dedicated
to SIP data between office 1 and 2 only.
SIP server 1 is on 10.23.172.1 and SIP server 2 is on 10.24.172.1.

OFFICE 2 is on public ip 2.3.4.5 and has working SIP.

So, this config I have is working OK, but between OFFICE 2 and OFFICE 1 - SIP 1 only.
I don't understand from the Shorewall manual how to make a load-balancing rule
for incoming SIP data in OFFICE 1 between the SIP1 and SIP2 servers (from OFFICE2),
and I don't want to allocate another public IP for SIP2.
(I thought this would do: DNAT net:2.3.4.5 met:10.23.172.1,10.24.172.1 - - - 1.2.3.5 ,
but it does not.)

Thanks.

ifconfig                                | interfaces                                                  | zones
~~~~~~~~                                | ~~~~~~~~~~                                                  | ~~~~~
eth0    1.2.3.4       / 255.255.255.240 | net   eth0  detect  # 1.2.3.4       / 28 - public network   | net ipv4
eth0:0  1.2.3.5       / 255.255.255.240 |                                                             |
eth1    192.168.10.1  / 255.255.255.0   | biz   eth1  detect  # 192.168.10.1  / 24 - office computers | biz ipv4
eth2    10.23.191.194 / 255.0.0.0       | met   eth2  detect  # 10.23.191.194 /  8 - sip network      | met ipv4
eth3    192.168.0.1   / 255.255.255.0   | iot   eth3  detect  # 192.168.0.1   / 24 - iot network      | iot ipv4
                                        | vpn   ppp+  detect  # pptpd, per user assigned              | vpn ipv4
                                        |                                                             | fw  firewall

masq
~~~~~
eth0    eth1
eth0    eth3
eth0    eth2    1.2.3.5

rules
~~~~~
DNAT  net:2.3.4.5                  met:10.23.172.1  - - - 1.2.3.5       # allow access from office 2 to sip1 incoming on eth0:0
DROP  net fw:1.2.3.5                            # drop the rest on 1.2.3.5
DNAT  met:10.23.172.1,10.24.172.1  net:2.3.4.5      - - - 10.23.191.194 # allow sip1 and sip2 to office 1 incoming on eth2

policy
~~~~~~
fw              all             ACCEPT
biz             all             ACCEPT
met             fw              ACCEPT
iot             net             ACCEPT
iot             fw              ACCEPT
vpn             fw              ACCEPT
vpn             biz             ACCEPT
vpn             iot             ACCEPT
net             all             DROP            info
all             all             REJECT          info


_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
