Dear Sir, i want to use four lan card. eth0 --->ISP1, eth1---------->ISP2 , eth2--------> dmz ,eth3------------->loc zone. actually i want to implement multi isp failover.can i used four lan card shorewall firewall.basically i wil create four zone. eth0 from ISP1, eth1 fron second isp,eth2 from dmz zone and eth4 from local zone. it is possible in shorewall firewall. plz tell me On 12/31/08, shorewall-devel-request@lists.sourceforge.net < shorewall-devel-request@lists.sourceforge.net> wrote:> > Send Shorewall-devel mailing list submissions to > shorewall-devel@lists.sourceforge.net > > To subscribe or unsubscribe via the World Wide Web, visit > https://lists.sourceforge.net/lists/listinfo/shorewall-devel > or, via email, send a message with subject or body ''help'' to > shorewall-devel-request@lists.sourceforge.net > > You can reach the person managing the list at > shorewall-devel-owner@lists.sourceforge.net > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of Shorewall-devel digest..." > > > Today''s Topics: > > 1. Updated IPv6 Sample Configurations (Tom Eastep) > 2. Shorewall 4.2.4 RC2 (Tom Eastep) > 3. Shorewall 4.2.4 RC3 (Tom Eastep) > 4. Re: Shorewall 4.2.4 RC3 (Tom Eastep) > 5. feature request to ease failover (Natanael Copa) > 6. Re: feature request to ease failover (Tom Eastep) > 7. Re: feature request to ease failover (Tom Eastep) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Sat, 20 Dec 2008 08:18:51 -0800 > From: Tom Eastep <teastep@shorewall.net> > Subject: [Shorewall-devel] Updated IPv6 Sample Configurations > To: Shorewall Development <shorewall-devel@lists.sourceforge.net>, > Shorewall Announcements <shorewall-announce@lists.sourceforge.net> > Message-ID: <494D1AEB.7040608@shorewall.net> > Content-Type: text/plain; charset="iso-8859-1" > > We have uploaded corrected sample configurations to: > > > http://www1.shorewall.net/pub/shorewall/development/4.2/Shorewall-4.2.4-RC1/Samples6 > > ftp://ftp1.shorewall.net/pub/shorewall/development/4.2/Shorewall-4.2.4-RC1/Samples6 > > These files will be available on the mirrors shortly and should be used > in place of the samples packaged with RC1. > > -Tom > -- > Tom Eastep \ The ultimate result of shielding men from the > Shoreline, \ effects of folly is to fill the world with fools. > Washington, USA \ -Herbert Spencer > http://shorewall.net \________________________________________________ > > -------------- next part -------------- > A non-text attachment was scrubbed... > Name: signature.asc > Type: application/pgp-signature > Size: 257 bytes > Desc: OpenPGP digital signature > > ------------------------------ > > Message: 2 > Date: Mon, 22 Dec 2008 13:03:45 -0800 > From: Tom Eastep <teastep@shorewall.net> > Subject: [Shorewall-devel] Shorewall 4.2.4 RC2 > To: Shorewall Announcements > <shorewall-announce@lists.sourceforge.net>, Shorewall > Development > <shorewall-devel@lists.sourceforge.net> > Message-ID: <495000B1.6070707@shorewall.net> > Content-Type: text/plain; charset="iso-8859-1" > > RC2 is now available for testing. It corrects the same Shorewall-perl > problem that was corrected in 4.2.3.1 and includes a couple of > additional IPv6 fixes. See the release notes. > > -Tom > -- > Tom Eastep \ The ultimate result of shielding men from the > Shoreline, \ effects of folly is to fill the world with fools. > Washington, USA \ -Herbert Spencer > http://shorewall.net \________________________________________________ > > -------------- next part -------------- > A non-text attachment was scrubbed... > Name: signature.asc > Type: application/pgp-signature > Size: 257 bytes > Desc: OpenPGP digital signature > > ------------------------------ > > Message: 3 > Date: Sun, 28 Dec 2008 12:09:17 -0800 > From: Tom Eastep <teastep@shorewall.net> > Subject: [Shorewall-devel] Shorewall 4.2.4 RC3 > To: Shorewall Development <shorewall-devel@lists.sourceforge.net>, > Shorewall Announcements <shorewall-announce@lists.sourceforge.net> > Message-ID: <4957DCED.2050609@shorewall.net> > Content-Type: text/plain; charset="iso-8859-1" > > RC3 is now available for testing: > > http://www.shorewall.net/pub/shorewall/development/4.2/shorewall-4.2.4-RC2/ > ftp://www.shorewall.net/pub/shorewall/development/4.2/shorewall-4.2.4-RC2/ > > -Tom > -- > Tom Eastep \ The ultimate result of shielding men from the > Shoreline, \ effects of folly is to fill the world with fools. > Washington, USA \ -Herbert Spencer > http://shorewall.net \________________________________________________ > > -------------- next part -------------- > A non-text attachment was scrubbed... > Name: signature.asc > Type: application/pgp-signature > Size: 257 bytes > Desc: OpenPGP digital signature > > ------------------------------ > > Message: 4 > Date: Mon, 29 Dec 2008 16:25:20 -0800 > From: Tom Eastep <teastep@shorewall.net> > Subject: Re: [Shorewall-devel] Shorewall 4.2.4 RC3 > To: shorewall-devel@lists.sourceforge.net > Cc: Shorewall Announcements <shorewall-announce@lists.sourceforge.net> > Message-ID: <49596A70.1060401@shorewall.net> > Content-Type: text/plain; charset="iso-8859-1" > > Tom Eastep wrote: > > RC3 is now available for testing: > > > > > http://www.shorewall.net/pub/shorewall/development/4.2/shorewall-4.2.4-RC2/ > > > ftp://www.shorewall.net/pub/shorewall/development/4.2/shorewall-4.2.4-RC2/ > > Hmmm -- I just noticed that the url''s are wrong. Should be: > > http://www.shorewall.net/pub/shorewall/development/4.2/shorewall-4.2.4-RC3/ > ftp://www.shorewall.net/pub/shorewall/development/4.2/shorewall-4.2.4-RC3/ > > -Tom > -- > Tom Eastep \ The ultimate result of shielding men from the > Shoreline, \ effects of folly is to fill the world with fools. > Washington, USA \ -Herbert Spencer > http://shorewall.net \________________________________________________ > > -------------- next part -------------- > A non-text attachment was scrubbed... > Name: signature.asc > Type: application/pgp-signature > Size: 257 bytes > Desc: OpenPGP digital signature > > ------------------------------ > > Message: 5 > Date: Wed, 31 Dec 2008 10:47:46 +0100 > From: Natanael Copa <natanael.copa@gmail.com> > Subject: [Shorewall-devel] feature request to ease failover > To: shorewall-devel@lists.sourceforge.net > Message-ID: <1230716866.7505.8.camel@nc> > Content-Type: text/plain > > Hi, > > I started on writing a ping daemon for multi ISP setups. It pings > routers to monitor if isp is available or not. When status of an ISP > change it executes a configurable command. > > Now, to do a proper failover it might be needed to delete/add default > gateways. This might confuse shorewall with the multiisp setup. > > So, what would be *really* neat is a shorewall command to indicate the > status of an isp. For example > > shorewall provider ISP1 down > > will tell shorewall that ISP1 (defined in providers) is down and remove > that route. On restart it should not be confused if route is not there. > > and the corresponding: > > shorewall provider ISP1 up > > will tell shorewall that the ISP is available again and do the necessary > magic. Prefferible without recompiling the rules. > > What would be needed to get something like that working in shorewall? > > Other ideas on how to implement proper ISP failover with shorewall? > > -nc > > > > > ------------------------------ > > Message: 6 > Date: Wed, 31 Dec 2008 07:50:54 -0800 > From: Tom Eastep <teastep@shorewall.net> > Subject: Re: [Shorewall-devel] feature request to ease failover > To: shorewall-devel@lists.sourceforge.net > Message-ID: <495B94DE.1020506@shorewall.net> > Content-Type: text/plain; charset="iso-8859-1" > > Natanael Copa wrote: > > > > > Other ideas on how to implement proper ISP failover with shorewall? > > > > Make all of your providers ''optional'' -- then all you need to do is > ''shorewall restart''. In fact, you can use ''shorewall -f restart'' if you > are running a recent enough version of Shorewall; that skips the > compilation phase. > > -Tom > -- > Tom Eastep \ The ultimate result of shielding men from the > Shoreline, \ effects of folly is to fill the world with fools. > Washington, USA \ -Herbert Spencer > http://shorewall.net \________________________________________________ > > -------------- next part -------------- > A non-text attachment was scrubbed... > Name: signature.asc > Type: application/pgp-signature > Size: 257 bytes > Desc: OpenPGP digital signature > > ------------------------------ > > Message: 7 > Date: Wed, 31 Dec 2008 08:26:27 -0800 > From: Tom Eastep <teastep@shorewall.net> > Subject: Re: [Shorewall-devel] feature request to ease failover > To: shorewall-devel@lists.sourceforge.net > Message-ID: <495B9D33.4090008@shorewall.net> > Content-Type: text/plain; charset="iso-8859-1" > > Tom Eastep wrote: > > Natanael Copa wrote: > > > >> Other ideas on how to implement proper ISP failover with shorewall? > >> > > > > Make all of your providers ''optional'' -- then all you need to do is > > ''shorewall restart''. > > Also take note of the ''isusable'' extension script -- that script can be > used to extend Shorewall''s method of determining if an interface is up > or down. > > -Tom > -- > Tom Eastep \ The ultimate result of shielding men from the > Shoreline, \ effects of folly is to fill the world with fools. > Washington, USA \ -Herbert Spencer > http://shorewall.net \________________________________________________ > > -------------- next part -------------- > A non-text attachment was scrubbed... > Name: signature.asc > Type: application/pgp-signature > Size: 257 bytes > Desc: OpenPGP digital signature > > ------------------------------ > > > ------------------------------------------------------------------------------ > > > ------------------------------ > > _______________________________________________ > Shorewall-devel mailing list > Shorewall-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-devel > > > End of Shorewall-devel Digest, Vol 30, Issue 8 > ********************************************** >-- Shyam Kumar Verma System Administrator-IT Indo Asian Fusegear Ltd. Mobile No.9313107313 ------------------------------------------------------------------------------
Tom Eastep
2009-Jan-01 15:56 UTC
Re: Multi-ISP RTFM -- was Shorewall-devel Digest, Vol 30, Issue 8
shyam kumar wrote:> Dear Sir, > > i want to use four lan card. eth0 --->ISP1, eth1---------->ISP2 , > eth2--------> dmz ,eth3------------->loc zone. > actually i want to implement multi isp failover.can i used four lan card > shorewall firewall.basically i wil create four zone. > eth0 from ISP1, eth1 fron second isp,eth2 from dmz zone and eth4 from > local zone. > > it is possible in shorewall firewall.http://www.shorewall.net/MultiISP.html> plz tell me >And next time, start a new thread rather than respond to a digest post! -Tom -- Tom Eastep \ The ultimate result of shielding men from the Shoreline, \ effects of folly is to fill the world with fools. Washington, USA \ -Herbert Spencer http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------