search for: route_rules

Displaying 17 results from an estimated 17 matches for "route_rules".

2007 Dec 14
1
route_rules redirection not working
hi, I am running shorewall 3.2.9 on Mandriva2007 with 2 ISPs. Certain local IPs are directed to a specific ISP in route_rules, and this was working perfectly. I had to reinstall Mandriva, and after that this redirection is not working. My files are: masq: eth1 192.168.10.3 202.71.146.210 eth2 202.71.146.210 192.168.10.3 eth1 eth0 202.71.146.210 eth2 eth0 192.168.10.3 interfaces: net eth1 detect net...
2012 Sep 28
1
nat & providers & route_rules questions
...me an ip range (cloud computing hooray). If I understand it correctly just doing one-to-one nat will not work, as the default gateway changes for every ip. So I need to add a providers entry for every ip with the correct gateway. Will this work with one-to-one nat? Do I need to add entries in route_rules file to get the traffic right or is the providers entry enough? Thanks for any hints! - Thomas
2008 Oct 24
6
routing packet from/to source/destination
Hi all and especially Mr. Tom.... (Please, do not be acid with me please! I am only a newbie, trying to learn more about shorewall) I got involved with a Firewall Project for a customer here in my city... This customer has two Internet Providers. So, he asked me how to make certain connections follow one routing path (like RT_1) and other connection types follow the other routing path
2008 Sep 23
3
Outgoing service always on a certain external address
Hi, Shorewall version -4.0.12-2 (EL5 rpm version) OS : Centos 5.2 I have shorewall successfully running on Linux with multi ISP. Trying to make services such as "rsync, ftp" go through my secondary ISP. For which I did the following eth0 : Internal LAN eth4 : DSL (Second ISP) => x.x eth5 : T1 (First ISP) => y.y Created the following entries in
2012 Feb 19
3
Shore wall and multi ISPs and ip addresses
Hi All! I only ever have complex setups. Customer site has a dedicated leased line from their ISP terminating on a Cisco router. Router is configured with the first usable address on a /28 network - 196.x.y.73. The linux firewall is configured with the remaining 5 ip's, 196.x.y.74 to 196.x.y.78 and 79 as the broadcast. Sounds normal but here is the twist. The primary or first ip
2012 Jun 13
3
Default Route disappear
...- eth1:192.168.254.5 192.168.254.1 track,loose,balance - sg 2 2 - eth1:192.168.254.5 192.168.254.3 track,loose - act 3 3 - eth1:192.168.254.5 192.168.254.4 track,loose - root@TestServer:/etc/shorewall# cat route_rules # # Shorewall version 4 - route_rules File # # For information about entries in this file, type "man shorewall-route_rules" # # For additional information, see http://www.shorewall.net/MultiISP.html ############################################################################ ######## #SOU...
2011 Jan 10
12
Multi-provider halp
Hi to the list, I configured a multi-provider setup with /etc/shorewall/providers: Orange 1 1 main eth1 81.255.74.150 track,balance=1 eth0 Free 2 2 main eth2 88.180.116.254 track,balance=3 eth0 and /etc/shorewall/tcrules: 2:P 192.168.2.0/24 0.0.0.0/0 tcp 143 2:P 192.168.2.0/24
2012 Jan 11
0
Shorewall 4.5.0 Beta 3
...ce again accepted in the IN_BANDWIDTH columns of tcinterfaces and tcrules, and causes no ingress policing to be configured. 2) MARK_IN_FORWARD_CHAIN=Yes no longer generates an error when $FW:<address> is entered in the SOURCE column of the tcrules file. New Features: 1) The route_rules file has been renamed to 'rtrules'. The Shorewall and Shorewall6 installers will perform the rename on an existing file. If both files exist, route_rules will be processed and rtrules will be ignored. 2) Run-time address variables (e.g., &eth0) may now be u...
2012 Jan 11
0
Shorewall 4.5.0 Beta 3
...ce again accepted in the IN_BANDWIDTH columns of tcinterfaces and tcrules, and causes no ingress policing to be configured. 2) MARK_IN_FORWARD_CHAIN=Yes no longer generates an error when $FW:<address> is entered in the SOURCE column of the tcrules file. New Features: 1) The route_rules file has been renamed to 'rtrules'. The Shorewall and Shorewall6 installers will perform the rename on an existing file. If both files exist, route_rules will be processed and rtrules will be ignored. 2) Run-time address variables (e.g., &eth0) may now be u...
2012 Jan 19
3
Problema link balance and internet bank
...ank. I have 2 Internet links balancing mode, thus the bank is charging connection down. I tried to force Internet traffic (port 80 and 443) for only a link, however it did not work. How do I make a setting to force the connection to these ports for a specific link. Note: I can not use the file as route_rules have neither the source IP (ltsp) nor of disabling (changes from time to time) Here conf #providers linkoi 1 - main eth6 201.89.0.1 track,balance=1 linkrntw 2 - main eth4 189.36.0.2 track,balance=10 #tcrules 2:T 172.16.11.33...
2006 Dec 28
0
Shorewall 3.4.0 Beta 1
...make it easier for users to upgrade from one release to the next since the configuration files will only change when a column is added or renamed. 4) Shorewall now remembers the changes that it has made to routing as a result of entries in /etc/shorewall/providers and /etc/shorewall/route_rules and reverses those changes when appropriate. Happy Beta Testing, -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key --------...
2010 Mar 03
5
Applications running on the Firewall (MultiISP)
...eth0 detect net eth1 detect dhcp net eth2 detect dhcp,logmartians=0 providers: ISP! 1 1 main eth1 isp1_gw track,balance eth0 ISP2 2 2 main eth2 isp2_gw track,balance eth0 route_rules: eth1 - ISP1 1000 eth2 - ISP2 1000 tcrules: 1:P 0.0.0.0/0 1 $FW 2:P 192.168.0.0/24 0.0.0.0/0 tcp 10050,10051,10052,10053,10054 The problem is that some DNS requests, ssh connections from firew...
2010 Jan 21
6
Shorewall 4.4.6 and Multiple ISP with 2 routed subnets
...DUPLICATE INTERFACE GATEWAY OPTIONS COPY ISP1 1 1 main eth0 217.100.100.254 track,balance eth1 ISP2 2 2 main eth2 213.132.100.254 track,balance eth3 route_rules: #SOURCE DEST PROVIDER PRIORITY eth0 - ISP1 1000 eth2 - ISP2 1000 tcfilters: #INTERFACE: SOURCE DEST PROTO DEST SOURCE TOS...
2010 May 04
7
Packet Not 100% Received
I have a problem with my shorewall. We are now doing some stress tests with an http application behind the shorewall. Firstly we send 10.000 requests to an http based application with no firewall. It can receive 100% of requests. But when we put shorewall in front of it then it starts to lose requests. Is there any packet limitation from shorewall all it's about conntrack? Thanks for the reply.
2012 Feb 12
7
Shorewall 4.5.0
...prog.header and /usr/share/shorewall/prog.header6 are now in a new library - lib.core. The files /usr/share/shorewall/prog.footer is now used for both IPv4 and IPv6. 6) Run-time address variables (e.g., &eth0) may now be used in the SOURCE column of the rtrules files. 7) The route_rules file has been renamed to 'rtrules'. The Shorewall and Shorewall6 installers will perform the rename on an existing file. If both files exist, route_rules will be processed and rtrules will be ignored with a warning. 8) A 'PROBABILITY' column ha...
2008 Nov 01
8
OpenVZ & shorewall. Didn't work acl based on ip range.
Hello all, It's my first letter on this list, and, my English is not very well. Please take me indulgence for grammar/syntax and other errors :)) I have trouble for acl's of ip range. But, acl for one host (with ip address) work fine. Please help me for make work acl/find error in acl. Because I'm new shorewall user, I made test configuration on Virtual Machine
2007 Feb 09
26
transient "martian source ..." errors
Hi All, As you probably all know :-) I'm trying to do the multi-isp thing. I've resolved my last issue with the route_rules as suggested by Tom and Jerry suggested. Lately I have been seeing "transient" (I say transient because the problem will persist for a while and then magically clear itself up some number of minutes later) situations where my gateway will log: Feb 9 17:23:45 gw.ilinx kernel: martian so...