Shorewall devel - Jan 2009 - Re: Shorewall-devel Digest, Vol 30, Issue 8

Dear Sir,

i want to use four lan card. eth0 --->ISP1, eth1---------->ISP2 ,
eth2--------> dmz ,eth3------------->loc zone.
actually i want to implement multi isp failover.can i used four lan card
shorewall firewall.basically i wil create four zone.
eth0 from ISP1, eth1 fron second isp,eth2 from dmz zone and eth4 from local
zone.

it is possible in shorewall firewall.
plz tell me

On 12/31/08, shorewall-devel-request@lists.sourceforge.net <
shorewall-devel-request@lists.sourceforge.net> wrote:
>
> Send Shorewall-devel mailing list submissions to
>         shorewall-devel@lists.sourceforge.net
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         https://lists.sourceforge.net/lists/listinfo/shorewall-devel
> or, via email, send a message with subject or body ''help''
to
>         shorewall-devel-request@lists.sourceforge.net
>
> You can reach the person managing the list at
>         shorewall-devel-owner@lists.sourceforge.net
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Shorewall-devel digest..."
>
>
> Today''s Topics:
>
>    1. Updated IPv6 Sample Configurations (Tom Eastep)
>    2. Shorewall 4.2.4 RC2 (Tom Eastep)
>    3. Shorewall 4.2.4 RC3 (Tom Eastep)
>    4. Re: Shorewall 4.2.4 RC3 (Tom Eastep)
>    5. feature request to ease failover (Natanael Copa)
>    6. Re: feature request to ease failover (Tom Eastep)
>    7. Re: feature request to ease failover (Tom Eastep)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sat, 20 Dec 2008 08:18:51 -0800
> From: Tom Eastep <teastep@shorewall.net>
> Subject: [Shorewall-devel] Updated IPv6 Sample Configurations
> To: Shorewall Development <shorewall-devel@lists.sourceforge.net>,
>         Shorewall Announcements
<shorewall-announce@lists.sourceforge.net>
> Message-ID: <494D1AEB.7040608@shorewall.net>
> Content-Type: text/plain; charset="iso-8859-1"
>
> We have uploaded corrected sample configurations to:
>
>
>
http://www1.shorewall.net/pub/shorewall/development/4.2/Shorewall-4.2.4-RC1/Samples6
>
>
ftp://ftp1.shorewall.net/pub/shorewall/development/4.2/Shorewall-4.2.4-RC1/Samples6
>
> These files will be available on the mirrors shortly and should be used
> in place of the samples packaged with RC1.
>
> -Tom
> --
> Tom Eastep        \ The ultimate result of shielding men from the
> Shoreline,         \ effects of folly is to fill the world with fools.
> Washington, USA     \                                 -Herbert Spencer
> http://shorewall.net \________________________________________________
>
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: signature.asc
> Type: application/pgp-signature
> Size: 257 bytes
> Desc: OpenPGP digital signature
>
> ------------------------------
>
> Message: 2
> Date: Mon, 22 Dec 2008 13:03:45 -0800
> From: Tom Eastep <teastep@shorewall.net>
> Subject: [Shorewall-devel] Shorewall 4.2.4 RC2
> To: Shorewall Announcements
>         <shorewall-announce@lists.sourceforge.net>,     Shorewall
> Development
>         <shorewall-devel@lists.sourceforge.net>
> Message-ID: <495000B1.6070707@shorewall.net>
> Content-Type: text/plain; charset="iso-8859-1"
>
> RC2 is now available for testing. It corrects the same Shorewall-perl
> problem that was corrected in 4.2.3.1 and includes a couple of
> additional IPv6 fixes. See the release notes.
>
> -Tom
> --
> Tom Eastep        \ The ultimate result of shielding men from the
> Shoreline,         \ effects of folly is to fill the world with fools.
> Washington, USA     \                                 -Herbert Spencer
> http://shorewall.net \________________________________________________
>
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: signature.asc
> Type: application/pgp-signature
> Size: 257 bytes
> Desc: OpenPGP digital signature
>
> ------------------------------
>
> Message: 3
> Date: Sun, 28 Dec 2008 12:09:17 -0800
> From: Tom Eastep <teastep@shorewall.net>
> Subject: [Shorewall-devel] Shorewall 4.2.4 RC3
> To: Shorewall Development <shorewall-devel@lists.sourceforge.net>,
>         Shorewall Announcements
<shorewall-announce@lists.sourceforge.net>
> Message-ID: <4957DCED.2050609@shorewall.net>
> Content-Type: text/plain; charset="iso-8859-1"
>
> RC3 is now available for testing:
>
> http://www.shorewall.net/pub/shorewall/development/4.2/shorewall-4.2.4-RC2/
> ftp://www.shorewall.net/pub/shorewall/development/4.2/shorewall-4.2.4-RC2/
>
> -Tom
> --
> Tom Eastep        \ The ultimate result of shielding men from the
> Shoreline,         \ effects of folly is to fill the world with fools.
> Washington, USA     \                                 -Herbert Spencer
> http://shorewall.net \________________________________________________
>
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: signature.asc
> Type: application/pgp-signature
> Size: 257 bytes
> Desc: OpenPGP digital signature
>
> ------------------------------
>
> Message: 4
> Date: Mon, 29 Dec 2008 16:25:20 -0800
> From: Tom Eastep <teastep@shorewall.net>
> Subject: Re: [Shorewall-devel] Shorewall 4.2.4 RC3
> To: shorewall-devel@lists.sourceforge.net
> Cc: Shorewall Announcements
<shorewall-announce@lists.sourceforge.net>
> Message-ID: <49596A70.1060401@shorewall.net>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Tom Eastep wrote:
> > RC3 is now available for testing:
> >
> >
> http://www.shorewall.net/pub/shorewall/development/4.2/shorewall-4.2.4-RC2/
> >
> ftp://www.shorewall.net/pub/shorewall/development/4.2/shorewall-4.2.4-RC2/
>
> Hmmm -- I just noticed that the url''s are wrong. Should be:
>
> http://www.shorewall.net/pub/shorewall/development/4.2/shorewall-4.2.4-RC3/
> ftp://www.shorewall.net/pub/shorewall/development/4.2/shorewall-4.2.4-RC3/
>
> -Tom
> --
> Tom Eastep        \ The ultimate result of shielding men from the
> Shoreline,         \ effects of folly is to fill the world with fools.
> Washington, USA     \                                 -Herbert Spencer
> http://shorewall.net \________________________________________________
>
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: signature.asc
> Type: application/pgp-signature
> Size: 257 bytes
> Desc: OpenPGP digital signature
>
> ------------------------------
>
> Message: 5
> Date: Wed, 31 Dec 2008 10:47:46 +0100
> From: Natanael Copa <natanael.copa@gmail.com>
> Subject: [Shorewall-devel] feature request to ease failover
> To: shorewall-devel@lists.sourceforge.net
> Message-ID: <1230716866.7505.8.camel@nc>
> Content-Type: text/plain
>
> Hi,
>
> I started on writing a ping daemon for multi ISP setups. It pings
> routers to monitor if isp is available or not. When status of an ISP
> change it executes a configurable command.
>
> Now, to do a proper failover it might be needed to delete/add default
> gateways. This might confuse shorewall with the multiisp setup.
>
> So, what would be *really* neat is a shorewall command to indicate the
> status of an isp. For example
>
>   shorewall provider ISP1 down
>
> will tell shorewall that ISP1 (defined in providers) is down and remove
> that route. On restart it should not be confused if route is not there.
>
> and the corresponding:
>
>   shorewall provider ISP1 up
>
> will tell shorewall that the ISP is available again and do the necessary
> magic. Prefferible without recompiling the rules.
>
> What would be needed to get something like that working in shorewall?
>
> Other ideas on how to implement proper ISP failover with shorewall?
>
> -nc
>
>
>
>
> ------------------------------
>
> Message: 6
> Date: Wed, 31 Dec 2008 07:50:54 -0800
> From: Tom Eastep <teastep@shorewall.net>
> Subject: Re: [Shorewall-devel] feature request to ease failover
> To: shorewall-devel@lists.sourceforge.net
> Message-ID: <495B94DE.1020506@shorewall.net>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Natanael Copa wrote:
>
> >
> > Other ideas on how to implement proper ISP failover with shorewall?
> >
>
> Make all of your providers ''optional'' -- then all you
need to do is
> ''shorewall restart''. In fact, you can use
''shorewall -f restart'' if you
> are running a recent enough version of Shorewall; that skips the
> compilation phase.
>
> -Tom
> --
> Tom Eastep        \ The ultimate result of shielding men from the
> Shoreline,         \ effects of folly is to fill the world with fools.
> Washington, USA     \                                 -Herbert Spencer
> http://shorewall.net \________________________________________________
>
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: signature.asc
> Type: application/pgp-signature
> Size: 257 bytes
> Desc: OpenPGP digital signature
>
> ------------------------------
>
> Message: 7
> Date: Wed, 31 Dec 2008 08:26:27 -0800
> From: Tom Eastep <teastep@shorewall.net>
> Subject: Re: [Shorewall-devel] feature request to ease failover
> To: shorewall-devel@lists.sourceforge.net
> Message-ID: <495B9D33.4090008@shorewall.net>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Tom Eastep wrote:
> > Natanael Copa wrote:
> >
> >> Other ideas on how to implement proper ISP failover with
shorewall?
> >>
> >
> > Make all of your providers ''optional'' -- then all
you need to do is
> > ''shorewall restart''.
>
> Also take note of the ''isusable'' extension script -- that
script can be
> used to extend Shorewall''s method of determining if an interface
is up
> or down.
>
> -Tom
> --
> Tom Eastep        \ The ultimate result of shielding men from the
> Shoreline,         \ effects of folly is to fill the world with fools.
> Washington, USA     \                                 -Herbert Spencer
> http://shorewall.net \________________________________________________
>
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: signature.asc
> Type: application/pgp-signature
> Size: 257 bytes
> Desc: OpenPGP digital signature
>
> ------------------------------
>
>
>
------------------------------------------------------------------------------
>
>
> ------------------------------
>
> _______________________________________________
> Shorewall-devel mailing list
> Shorewall-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-devel
>
>
> End of Shorewall-devel Digest, Vol 30, Issue 8
> **********************************************
>


-- 
Shyam Kumar Verma System Administrator-IT Indo Asian Fusegear Ltd.
Mobile No.9313107313


------------------------------------------------------------------------------

shyam kumar wrote:
> Dear Sir,
> 
> i want to use four lan card. eth0 --->ISP1, eth1---------->ISP2 ,
> eth2--------> dmz ,eth3------------->loc zone.
> actually i want to implement multi isp failover.can i used four lan card
> shorewall firewall.basically i wil create four zone.
> eth0 from ISP1, eth1 fron second isp,eth2 from dmz zone and eth4 from
> local zone.
> 
> it is possible in shorewall firewall.
http://www.shorewall.net/MultiISP.html
> plz tell me
>
And next time, start a new thread rather than respond to a digest post!

-Tom
-- 
Tom Eastep        \ The ultimate result of shielding men from the
Shoreline,         \ effects of folly is to fill the world with fools.
Washington, USA     \                                 -Herbert Spencer
http://shorewall.net \________________________________________________



------------------------------------------------------------------------------