Shorewall users - Apr 2002 - Shorewall with 2 internet connections

We have a machine with two seperate internet connections (bot diferent
networks). My question is, is it possible to utilize shorewall in such a
way that to performs masqurading for both with only 3 NICs? Or should I
install a fourth NIC in the machine.


Private Network         -------> eth1 Wireless (Primary)
192.168.10.0/24 --------|
eth0                    -------> eth2 Cable (Secondary)

-Paul

On 12 Apr 2002, Paul Slinski wrote:
> We have a machine with two seperate internet connections (bot diferent
> networks). My question is, is it possible to utilize shorewall in such a
> way that to performs masqurading for both with only 3 NICs? Or should I
> install a fourth NIC in the machine.
>
>
> Private Network         -------> eth1 Wireless (Primary)
> 192.168.10.0/24 --------|
> eth0                    -------> eth2 Cable (Secondary)
>
Shorewall will handle this setup fine -- just add two entries in
/etc/shorewall/masq.

As I recall, the Linux Advanced Routing and Shaping HOWTO contains
instructions for setting up two default routes. So that connections from
your private network will be assigned to one interface or the other.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net

Paul,

If you get this working with both default routes, can you share with the
list?

Our situation is a cable and DSL route mix.

Thanks
Mark

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The reason for this was for a simple redundant connection so I added:

eth0:=09=09192.168.1.0/24
eth2=09=09192.168.1.0/24

to /etc/shorewall/masq

Really no complicated routing going on, but it is possable to shutdown eth2
if=20
the link goes down and bring up eth0 (assuming it''s link is up) then
restart=20
shorewall.

This works nice for a cheap redundancy solution, all I''m missing are
some=20
scripts to check the state of the interfaces and bring them up and down=20
accordingly.

IMHO, having a two connections up on the machine makes it that more
vulnerable=20
so we strayed from that configuration.

On April 17, 2002 12:45 pm, Mark Underwood wrote:
> Paul,
>
> If you get this working with both default routes, can you share with the
> list?
>
> Our situation is a cable and DSL route mix.
>
> Thanks
> Mark
- --=20
Paul Slinski
System Administrator
Global IQX
http://www.globaliqx.com/
pauls@globaliqx.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8vcZ3mw6AneFgGfURAm52AJ9aqyE95vPAof60TEZxKigLxot3NACdHISJ
WSwsVIX6LJZXtW1dUSNK1f8=3D
=3DbmW3
-----END PGP SIGNATURE-----