Francesco Saverio Giudice
2010-Jan-29 23:33 UTC
Shorewall 4.4.6 and external interface using RFC1918 address
Hi All,

I have Multi-ISP configuration and the secondary external line has
192.168.1.1 as LAN address and a static public address on WAN.
I have searched in shorewall docs and I found that up to version 3 there
was an rfc1918 file that enabled this kind of configuration.
(As stated in Tom's configuration
http://www.shorewall.net/myfiles.htm#id2451457)
Now I have seen that this file is not present.

Any suggestion?

TIA

Best Regards,

Francesco
Tom Eastep
2010-Jan-30 00:08 UTC
Re: Shorewall 4.4.6 and external interface using RFC1918 address
Francesco Saverio Giudice wrote:
> Hi All,
>
> I have Multi-ISP configuration and the secondary external line has
> 192.168.1.1 as LAN address and a static public address on WAN.
> I have searched in shorewall docs and I found that up to version 3 there
> was an rfc1918 file that enabled this kind of configuration.

The rfc1918 file did not enable anything. It simply defined the address
ranges to be dropped under the 'norfc1918' interface option. Given that
the interface option is no longer supported, the file is not required.
Other than in the NULL_ROUTE_RFC1918 option, Shorewall has no knowledge
of public and private IPv4 addresses and treats all address ranges the same.

Please tell us exactly what problem you are trying to solve and we will
try to help.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
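A simplified model of the filtering described in the reply above, added here as an illustration (it is not Shorewall code and not part of the original thread): private source addresses are dropped on interfaces where the check is enabled. The interface addresses come from the thread; enabling the check on both interfaces, the helper names and the sample packets are assumptions made for the example.

```python
import ipaddress

# The three private IPv4 ranges defined by RFC 1918.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# External interfaces as listed in the thread. Enabling the filter on both
# is an assumption made to show the effect; it is not the poster's config.
INTERFACES = {
    "eth3": {"addr": "82.189.125.18", "norfc1918": True},   # 1st ISP
    "eth4": {"addr": "192.168.1.2", "norfc1918": True},     # 2nd ISP
}

def is_rfc1918(addr):
    """True if addr falls inside one of the RFC 1918 ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def verdict(iface, src):
    """Simplified model: drop private source addresses on filtered interfaces."""
    if INTERFACES[iface]["norfc1918"] and is_rfc1918(src):
        return "DROP"
    return "ACCEPT"

def conflicting_interfaces():
    """Interfaces whose own address is private while the filter is enabled."""
    return sorted(name for name, cfg in INTERFACES.items()
                  if cfg["norfc1918"] and is_rfc1918(cfg["addr"]))

# Constructed sample packets: (arrival interface, source address, note).
PACKETS = [
    ("eth3", "198.51.100.7", "ordinary Internet host"),
    ("eth3", "192.168.0.77", "private source on the public link"),
    ("eth4", "198.51.100.7", "Internet host forwarded by the ISP router"),
    ("eth4", "192.168.1.1", "the ISP router itself"),
    ("eth4", "172.32.0.1", "just outside 172.16.0.0/12"),
]

if __name__ == "__main__":
    for iface, src, note in PACKETS:
        print(f"{iface} {src:<15} {verdict(iface, src):<6} {note}")
    print("filter conflicts with own address on:", conflicting_interfaces())
```

In this model the check is useful on eth3, where a private source address can only be spoofed or misrouted, and harmful on eth4, where the upstream router legitimately uses one.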
Francesco Saverio Giudice
2010-Jan-30 01:31 UTC
Re: Shorewall 4.4.6 and external interface using RFC1918 address
Hi Tom,

Tom Eastep wrote:
>
> The rfc1918 file did not enable anything. It simply defined the address
> ranges to be dropped under the 'norfc1918' interface option. Given that
> the interface option is no longer supported, the file is not required.
> Other than in the NULL_ROUTE_RFC1918 option, Shorewall has no knowledge
> of public and private IPv4 addresses and treats all address ranges the same.
>
> Please tell us exactly what problem you are trying to solve and we will
> try to help.
>

Thank you for your fast reply.

I have this configuration:

eth0 - 1st local net - 192.168.0.254 - lan: 192.168.0.0/24
eth1 - 2nd local net - 192.168.100.254 - lan: 192.168.100.0/24
eth2 - 3rd local net - 10.245.0.1 - lan: 10.245.0.0/22 (used as dmz with DNAT port forwarding from external)
eth3 - 1st ISP - 82.189.125.18 - lan: 82.189.125.16/29 + other 16 ips
eth4 - 2nd ISP - 192.168.1.2 - lan: 192.168.1.0/24 (router has external public ip)
openvpn - for VPN connections

I would like to have traffic using 2 ISP in this way:

traffic from loc to net using 2nd ISP balanced (10:1 in weight)
traffic from external uses 1st ISP and for some ports can use (if 1st
ISP is down) the 2nd ISP
in dmz I have all public services (www,mail,ftp) and I use DNAT from eth0

Now I have started with files from the old configuration that I'm
upgrading (2.2), so I have to complete them.

If I do not add the 2nd ISP, all seems to work well.

Attached there are files I have changed from standard files.
All external IPs are defined as alias on eth0.

Thank you.

Best Regards,

Francesco
Tom Eastep
2010-Jan-30 15:56 UTC
Re: Shorewall 4.4.6 and external interface using RFC1918 address
Francesco Saverio Giudice wrote:
>
> If I do not add the 2nd ISP, all seems to work well.
>
> Attached there are files I have changed from standard files.

Please read and follow the instructions at
http://www.shorewall.net/support.htm#guidelines.

There:

- it specifically asks that you *not* send us your configuration files.
- it asks instead that you send us the output of 'shorewall dump'
  collected as described there.
- it asks you to tell us:

  a) what you tried.
  b) what you expected to happen.
  c) what happened instead.

Thanks,
-Tom
Francesco Saverio Giudice
2010-Jan-30 17:26 UTC
Re: Shorewall 4.4.6 and external interface using RFC1918 address
Tom Eastep wrote:
> Francesco Saverio Giudice wrote:
>
>> If I do not add the 2nd ISP, all seems to work well.
>>
>> Attached there are files I have changed from standard files.
>
>
> Please read and follow the instructions at
> http://www.shorewall.net/support.htm#guidelines.
>
> There:
>
> - it specifically asks that you *not* send us your configuration files.
> - it asks instead that you send us the output of 'shorewall dump'
>   collected as described there.
> - it asks you to tell us:
>
>   a) what you tried.
>   b) what you expected to happen.
>   c) what happened instead.
>

Sorry, my fault. I will do.

Best Regards,

Francesco