Hi,

I have a CentOS 5.3 with Shorewall 4.2.10 and transparent squid... (REDIRECT loc 3128 tcp 80 - !192.168.1.254)

It's working fine with 2 NICs, eth0 - net and eth1 - loc.

Now I need to configure another ISP only for access to the system in the datacenter - IP 200.XXX.XXX.240 (HTTP and HTTPS)...
Other connections should continue as before...
I installed another NIC - eth2 - and followed the example on http://www.shorewall.net/MultiISP.html, but I can't make it work...

My changed files:

/etc/shorewall/providers:
#NAME        NUMBER  MARK  DUPLICATE  INTERFACE  GATEWAY          OPTIONS        COPY
SPEEDSTREAM  1       1     main       eth0       192.168.254.254  track,balance  eth1
DLINK        2       2     main       eth2       10.1.1.1         track,balance  eth1

/etc/shorewall/interfaces:
#ZONE  INTERFACE  BROADCAST  OPTIONS
net    eth0       detect     dhcp,tcpflags,nosmurfs,routefilter,logmartians
loc    eth1       detect     tcpflags,nosmurfs,routefilter,logmartians
net    eth2       detect

/etc/shorewall/masq:
#INTERFACE  SOURCE     ADDRESS        PROTO  PORT(S)  IPSEC  MARK
eth0        0.0.0.0/0  192.168.254.3
eth2        0.0.0.0/0  10.1.1.3
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

/etc/shorewall/tcrules:
#MARK  SOURCE  DEST             PROTO  DEST     SOURCE   USER  TEST  LENGTH  TOS  CONNBYTES  HELPER
#                                      PORT(S)  PORT(S)
2:P    eth1    200.XXX.XXX.240  tcp    80
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Is it correct? Are there other files to configure?

Thanks,
Jayme.

sounds like you need ACCEPT+ rules in your rules file.

2009/8/23 Christ Schlacta <aarcane@gmail.com>:
> sounds like you need ACCEPT+ rules in your rules file.

But the rules are not the same for the previous configuration?

Christ Schlacta wrote:
> sounds like you need ACCEPT+ rules in your rules file.

Or simply list the data center as an exception in the ORIGINAL DEST column of the REDIRECT rule:

e.g., !200.XXX.XXX.240

The Shorewall Squid page should be clear on how to do that.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,        \ died peacefully in his sleep. Not screaming like
Washington, USA   \ all of the passengers in his car
http://shorewall.net \________________________________________________

Jayme Sanches wrote:
> But the rules are not the same for the previous configuration?

What is happening is this:

- Traffic to 200.xxx.xxx.240:80,443 is being redirected to the proxy.
- The proxy tries to connect to 200.xxx.xxx.240.
- Your tcrules entry doesn't deal with connections originating on the router; it only deals with traffic being forwarded by the router.
- So the connection is being routed out of the wrong interface.

You can either do as Christ or I have suggested and change your rules file; or you can add a second rule to your tcrules file that marks traffic originating on the firewall ($FW in the SOURCE column).

-Tom
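
Added example, not part of the thread or of Shorewall: a small Python check for the condition described in the message above, where tcrules marks a destination only for forwarded traffic while a REDIRECT rule still hands that traffic to the local proxy. It treats either fix from the thread (an ORIGINAL DEST exclusion, or a tcrules entry with $FW as SOURCE) as closing the gap; the function names are hypothetical, the sample files are constructed from the configuration posted at the top of the thread, and addresses are compared as literal strings.

```python
# Added example (not from the thread): lint Shorewall rules + tcrules for the
# routing gap described above. Column positions follow the files in the thread.
RULES = """\
#ACTION  SOURCE DEST PROTO DPORT SPORT ORIGINAL-DEST
REDIRECT loc    3128 tcp   80    -     !192.168.1.254
"""
TCRULES = """\
#MARK SOURCE DEST            PROTO DPORT
2:P   eth1   200.XXX.XXX.240 tcp   80
"""

def rows(text):
    """Yield the whitespace-split columns of each non-comment line."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line.split()

def col(row, i):
    """Column i, with a missing column or a '-' placeholder read as empty."""
    return row[i] if len(row) > i and row[i] != "-" else ""

def proxied(rules, dest, port):
    """True if some REDIRECT rule still catches traffic to dest:port."""
    for r in rows(rules):
        if r[0].startswith("REDIRECT") and port in col(r, 4).split(","):
            orig = col(r, 6)
            if orig.startswith("!"):        # exclusion list in ORIGINAL DEST
                hit = dest not in orig[1:].split(",")
            else:                           # empty = any, else explicit list
                hit = not orig or dest in orig.split(",")
            if hit:
                return True
    return False

def find_gaps(rules, tcrules):
    """(dest, port) pairs marked for forwarded traffic only, yet proxied locally."""
    tc = [(col(r, 1), col(r, 2), col(r, 4).split(",")) for r in rows(tcrules)]
    # Destinations that also have a mark rule for firewall-originated traffic.
    fw = {(d, p) for s, d, ports in tc if s.startswith("$FW") for p in ports}
    return [(d, p) for s, d, ports in tc if not s.startswith("$FW")
            for p in ports if proxied(rules, d, p) and (d, p) not in fw]

if __name__ == "__main__":
    print(find_gaps(RULES, TCRULES))
```
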

It's working. The problem was the ADSL connection. Thanks.

--
Sent from my cell phone