search for: isp1_ip

Below is a snippet from my firewall script isp1_ip="xx.0.5.20" isp1_gw="xx.0.5.1" isp1_net="xx.0.5.0/28" isp1_if="eth2" isp2_ip="xx.182.19.88" isp2_gw="xx.182.19.1" isp2_net="xx.182.19.0/28" isp2_if="eth3" lo_ip="127.0.0.1" lo_if=&...

Below is a snippet from my firewall script isp1_ip="xx.0.5.20" isp1_gw="xx.0.5.1" isp1_net="xx.0.5.0/28" isp1_if="eth2" isp2_ip="xx.182.19.88" isp2_gw="xx.182.19.1" isp2_net="xx.182.19.0/28" isp2_if="eth3" lo_ip="127.0.0.1" lo_if="lo"...

...with the wrong address. So if I use tcrules to cause all traffic to use one provider, I necessarily have to masq the firewall generated outgoing traffic when a packet goes out an ISP link, but has the other ISP source IP. I put in masq two rows like this: INTERFACE SOURCE ADDRESS $IF_ISP1 $ISP2_IP $ISP1_IP $IF_ISP2 $ISP1_IP $ISP2_IP Exactly the same issue happens when you use tcrules to direct a particular application through either one of the ISP, and the solution is the same. This problem does not exist if you use rtrules instead of tcrules to direct traffic to one of the providers. This happens b...

Hi all, I have managed to setup a Fedora 7 box with 3 ethernet cards and two ADSL modem/routers from different suppliers as LARTC recommends. I am able to direct traffic for specific internal IPs either to one or the other ADSL line. However, I am faced with two problems I am struggling for the solution: 1. I have opened a few ports on the ADSL router/firewalls to talk to internal hosts; say when

...3 ip route add table 3 default via $isp2_ip dev eth3 ip route flush cache iptables -t mangle -A PREROUTING -p tcp -s $ip_set2 --dport $http -j MARK --set-mark 3 iptables -t mangle -A PREROUTING -p tcp --dport $ftp -j MARK --set-mark 3 iptables -t nat -A POSTROUTING -o $isp1_if -j SNAT --to-source $isp1_ip iptables -t nat -A POSTROUTING -o $isp2_if -j SNAT --to-source $isp2_ip iptables -A FORWARD -i $lan_if -j ACCEPT iptables -A INPUT -p ALL -d $isp2_ip -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A INPUT -p ALL -d $isp1_ip1 -m state --state ESTABLISHED,RELATED -j ACCEPT Http & ftp w...

...n concentrator, the remote lan can connect the server. Some details. cat /etc/iproute2/rt_tables # # reserved values # 255 local 254 main 253 default 0 unspec 100 isp2 101 isp1 # # local # #1 inr.ruhep This is the iproute script: ISP1_NET="x.x.x.192/29" ISP1_IP="x.x.x.195" ISP1_GW="x.x.x.193" ISP1_IF="bad0" ISP2_NET="x.x.x.96/29" ISP2_IP="x.x.x.98" ISP2_GW="x.x.x.97" ISP2_IF="bad1" DMZ_NET="192.168.0.0/24" DMZ_IF="dmz0" LAN_NET="10.0.0.0/24" LAN_IF=&quot...

...$FW 2:P 192.168.0.0/24 0.0.0.0/0 tcp 10050,10051,10052,10053,10054 The problem is that some DNS requests, ssh connections from firewall to outside hang/timeout. shorewall dump shows that some requests are issued via ISP2. DNS requests problem was cured by adding "query-source ISP1_IP;" to /etc/named.conf. But I don''t want to deal with every app. How to make all connections from firewall go via ISP1? Local masqueraded PCs don''t have this problem. Regards, Nerijus ------------------------------------------------------------------------------ Download Inte...