thr3ads.net - Shorewall users - multiple providers on one interface

If this information is useful, please help other people find it:
Share via:

Thomas Mueller

2012-Oct-12 15:02 UTC

multiple providers on one interface - example config

hi

i''ve asked lately if i''m on the right track to do nat,
providers and rtrules.
Thanks Tom for your reply!

Finally I got it working and I''d like to share it as an example. 

- Thomas


Situation: 
* Shorewall 4.5.5.3
* OS: Debian Squeeze
* eth0 with ip 8.8.8.8 and ip alias 7.7.7.7 (eth0:0)
* 8.8.8.8 has default gateway 8.8.8.1
* 7.7.7.7 has default gateway 7.7.7.1
* internal lan is 10.7.7.0/24
* 10.7.7.13 is 7.7.7.7 external
* all others get 8.8.8.8 external


And are the relevant config files:


############################################################################################
# providers
############################################################################################
#NAME   NUMBER  MARK    DUPLICATE       INTERFACE       GATEWAY         OPTIONS 
COPY
cs1     1       1       main            eth0:8.8.8.8    8.8.8.1
cs2     2       2       main            eth0:7.7.7.7    7.7.7.1


####################################################################################
# rtrules
####################################################################################
#SOURCE                 DEST                    PROVIDER        PRIORITY       
MASK
17.7.7.13               -                       cs2             1000
10.7.7.0/24             -                       cs1             1000


###############################################################################
# masq
###############################################################################
#INTERFACE              SOURCE          ADDRESS         PROTO   PORT(S) IPSEC  
MARK
eth0:0(cs2)             10.7.7.13       7.7.7.7
eth0(cs1)               0.0.0.0/0       8.8.8.8



------------------------------------------------------------------------------
Don''t let slow site performance ruin your business. Deploy New Relic
APM
Deploy New Relic app performance management and know exactly
what is happening inside your Ruby, Python, PHP, Java, and .NET app
Try New Relic at no cost today and get our sweet Data Nerd shirt too!
http://p.sf.net/sfu/newrelic-dev2dev

Tom Eastep

2012-Oct-12 16:32 UTC

head link

Re: multiple providers on one interface - example config

On 10/12/2012 08:02 AM, Thomas Mueller wrote:> hi
>
> i''ve asked lately if i''m on the right track to do nat,
providers and rtrules.
> Thanks Tom for your reply!
>
> Finally I got it working and I''d like to share it as an example.
>
> - Thomas
>
>
> Situation:
> * Shorewall 4.5.5.3
> * OS: Debian Squeeze
> * eth0 with ip 8.8.8.8 and ip alias 7.7.7.7 (eth0:0)
> * 8.8.8.8 has default gateway 8.8.8.1
> * 7.7.7.7 has default gateway 7.7.7.1
> * internal lan is 10.7.7.0/24
> * 10.7.7.13 is 7.7.7.7 external
> * all others get 8.8.8.8 external
>
>
> And are the relevant config files:
>
>
>
############################################################################################
> # providers
>
############################################################################################
> #NAME   NUMBER  MARK    DUPLICATE       INTERFACE       GATEWAY        
OPTIONS         COPY
> cs1     1       1       main            eth0:8.8.8.8    8.8.8.1
> cs2     2       2       main            eth0:7.7.7.7    7.7.7.1
>
>
>
####################################################################################
> # rtrules
>
####################################################################################
> #SOURCE                 DEST                    PROVIDER        PRIORITY   
MASK
> 17.7.7.13               -                       cs2             1000
> 10.7.7.0/24             -                       cs1             1000
>
>
>
###############################################################################
> # masq
>
###############################################################################
> #INTERFACE              SOURCE          ADDRESS         PROTO   PORT(S)
IPSEC   MARK
> eth0:0(cs2)             10.7.7.13       7.7.7.7
> eth0(cs1)               0.0.0.0/0       8.8.8.8
Thanks, Thomas!

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

------------------------------------------------------------------------------
Don''t let slow site performance ruin your business. Deploy New Relic
APM
Deploy New Relic app performance management and know exactly
what is happening inside your Ruby, Python, PHP, Java, and .NET app
Try New Relic at no cost today and get our sweet Data Nerd shirt too!
http://p.sf.net/sfu/newrelic-dev2dev

Shorewall users - Oct 2012 - multiple providers on one interface - example config

multiple providers on one interface - example config

Re: multiple providers on one interface - example config