I have scoured the net, gotten a few pointers from Tom (while he was on vaca, thanks Tom) and looked at several books and still have not come up with a satisfactory solution. I know someone has done it! Can someone point me to a reference for how to route two wan nics and two internal nics on the same box? I have tried using ip add to set up two separate lookup tables and route tables but to no avail. Any help greatly appreciated!

This is what I have:

    66.92.114.46        209.141.2.194
         |                   |
        xxxxxxxxxxxxxxxx
        redhat 7.3 will run ShoreWall
        xxxxxxxxxxxxxxxx
    192.168.119.101     192.168.120.101
         |                   |            each network will have servers running here
    192.168.119.100     192.168.120.100
        xxxxxxxxxxxxxxxxx
        failover box
        xxxxxxxxxxxxxxxxx
        192.168.121.101
        internal mail server
Hi,

This URL should help you out: http://lartc.org/howto/ (check chapter 4!)

Regards,
Niels

-----Original Message-----
From: Thad Marsh [mailto:thad@marshtek.com]
Sent: Saturday 7 September 2002 2:40
To: shorewall-users@shorewall.net
Subject: [Shorewall-users] 4 nic linux router
Thanks Niels,

I had looked at the url you posted and it was in fact the closest bit of information I had found to what I am trying to do. The only problem was that I wasn't trying to split 2 wan to one but rather 2 wan to 2 local. I tried doing this but it didn't seem to work. The lists would not accept * line below, probably syntax but I could not find:

    ip rule add from 66.92.114.46 lookup 1
    *ip route add 192.168.119.0/24 via 192.168.119.101 table 1
    ip route add 0/0 via 66.92.114.33 table 1
    ip rule add from 209.141.2.194 lookup 2
    *ip route add 192.168.120.0/24 via 192.168.120.101 table 1
    ip route add 0/0 via 209.141.2.194 table 1

    ip rule list
    0:      from all lookup local
    32764:  from 209.141.2.194 lookup 2
    32765:  from 66.92.114.46 lookup 1
    32766:  from all lookup main
    32767:  from all lookup 253

    ip route list table 1
    192.168.119.0/24 via 192.168.119.101 dev eth2
    default via 66.92.114.33 dev eth0

    ip route list table 2
    192.168.120.0/24 via 192.168.120.101 dev eth3
    default via 209.141.2.195 dev eth1

let me know if you see something easy?

-----Original Message-----
From: niels@wxn.nl [mailto:niels@wxn.nl]
Sent: Saturday, September 07, 2002 6:00 AM
To: Thad Marsh; shorewall-users@shorewall.net
Subject: RE: [Shorewall-users] 4 nic linux router
1.

> *ip route add 192.168.119.0/24 via 192.168.119.101 table 1

It's your local route to your local subnet... So there isn't a "via", I think you mean:

    #ip route add 192.168.119.0/24 dev ethX table 1

And this isn't correct too:

> ip rule add from 209.141.2.194 lookup 2

I think you meant:

    #ip rule add from 209.141.2.194 pref 2

2.

I never did this exact same setup before but I think it should work like this:

Every interface has an IP address and subnet (for example /24) and an interface number. For example I made up these ifnumbers:

    Eth0 = 66.92.114.46/24
    Eth1 = 209.141.2.194/24
    Eth2 = 192.168.119.101/24
    Eth3 = 192.168.120.101/24

Then I would make the ip rules depending on the interface the packet arrives on, and not the subnet! So if I didn't oversee anything then this should work for you:

    #ip ru add dev eth0 table 1 pref 1
    #ip ru add dev eth2 table 1 pref 1
    #ip ru add dev eth1 table 2 pref 2
    #ip ru add dev eth3 table 2 pref 2

    #ip ro add default via 66.92.114.33 dev eth0 table 1
    #ip ro add default via 209.141.2.194 dev eth1 table 2
    #ip ro add 192.168.119.0/24 dev eth2 table 1
    #ip ro add 192.168.120.0/24 dev eth3 table 2

Hope it helps,
Niels.

-----Original Message-----
From: Thad Marsh [mailto:thad@marshtek.com]
Sent: Saturday 7 September 2002 14:44
To: niels@wxn.nl; shorewall-users@shorewall.net
Subject: RE: [Shorewall-users] 4 nic linux router
Niels,

Great, thanks. I changed the routes and rules around but with ShoreWall routestopped I cannot ping 192.168.119.100.

    traceroute 192.168.119.100
    traceroute to 192.168.119.100 (192.168.119.100), 30 hops max, 38 byte packets
     1  192.168.119.101 (192.168.119.101)  2996.959 ms !H  2999.577 ms !H  2999.887 ms !H

Any ideas?

Also don't I need to do something like this to make it run each time?

ip route commands must be executed each time you ifup the appropriate interface. Add the following lines to /etc/sysconfig/network-scripts/ifup-routes:

    # Add any advanced routes
    grep "^advanced " /etc/sysconfig/static-routes | while read ignore dev args; do
        if [ "$dev" = "$1" ]; then
            /sbin/ip route add $args
        fi
    done

Again, thanks for all your help!

-----Original Message-----
From: niels@wxn.nl [mailto:niels@wxn.nl]
Sent: Sunday, September 08, 2002 7:41 AM
To: shorewall-users@shorewall.net
Cc: Thad Marsh
Subject: RE: [Shorewall-users] 4 nic linux router
Is there a way to tell if the routes I add below are active? After adding this is what I get:

    telnet 192.168.119.100 25
    Trying 192.168.119.100...
    telnet: connect to address 192.168.119.100: No route to host

Thanks!

-----Original Message-----
From: niels@wxn.nl [mailto:niels@wxn.nl]
Sent: Sunday, September 08, 2002 7:41 AM
To: shorewall-users@shorewall.net
Cc: Thad Marsh
Subject: RE: [Shorewall-users] 4 nic linux router
Here is what I have:

ip route
66.92.114.32/28 dev eth0 scope link
209.141.2.192/27 dev eth1 scope link
192.168.119.0/24 dev eth2 scope link
192.168.120.0/24 dev eth3 scope link
127.0.0.0/8 dev lo scope link
default via 66.92.114.33 dev eth0

ip ro ls table 1
192.168.119.0/24 dev eth2 scope link
default via 66.92.114.33 dev eth0

ip ro ls table 2
192.168.120.0/24 dev eth3 scope link
default via 209.141.2.194 dev eth1

Since these look right, how do I make sure that this is what the cards are reading? Is it just understood that if these routes exist the system will read them?
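
Added example (not part of the thread and not Shorewall or iproute2 code): a simplified Python model of the rule-then-table lookup, loaded with the rules and tables quoted above, showing which table and interface a forwarded packet ends up with under source-address rules versus incoming-interface rules. It assumes the destination is not a local address, ignores fwmark and other selectors, and uses a constructed external destination, 198.51.100.7.

```python
import ipaddress

# Routing tables as listed in the thread ("ip route", "ip ro ls table 1/2").
TABLES = {
    "main": [("66.92.114.32/28", None, "eth0"), ("209.141.2.192/27", None, "eth1"),
             ("192.168.119.0/24", None, "eth2"), ("192.168.120.0/24", None, "eth3"),
             ("0.0.0.0/0", "66.92.114.33", "eth0")],
    "1": [("192.168.119.0/24", None, "eth2"), ("0.0.0.0/0", "66.92.114.33", "eth0")],
    "2": [("192.168.120.0/24", None, "eth3"), ("0.0.0.0/0", "209.141.2.194", "eth1")],
}
MAIN_RULE = (32766, {}, "main")
# Rules from "ip rule list" in the thread: selected by source address.
SOURCE_RULES = [(32764, {"src": "209.141.2.194"}, "2"),
                (32765, {"src": "66.92.114.46"}, "1"), MAIN_RULE]
# Rules proposed in the reply: selected by incoming interface.
IIF_RULES = [(1, {"iif": "eth0"}, "1"), (1, {"iif": "eth2"}, "1"),
             (2, {"iif": "eth1"}, "2"), (2, {"iif": "eth3"}, "2"), MAIN_RULE]

def lookup(table, dst):
    """Longest-prefix match in one table; returns (gateway, dev) or None."""
    dst = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), gw, dev) for p, gw, dev in TABLES[table]
            if dst in ipaddress.ip_network(p)]
    if not hits:
        return None
    _, gw, dev = max(hits, key=lambda h: h[0].prefixlen)
    return gw, dev

def route(rules, src, iif, dst):
    """Walk rules in priority order; the first matching rule whose table has a route wins."""
    for pref, sel, table in sorted(rules, key=lambda r: r[0]):
        if "src" in sel and ipaddress.ip_address(src) not in ipaddress.ip_network(sel["src"]):
            continue
        if "iif" in sel and sel["iif"] != iif:
            continue
        hit = lookup(table, dst)
        if hit:
            return table, hit[0], hit[1]
    return None

if __name__ == "__main__":
    dst = "198.51.100.7"  # constructed external destination (documentation range)
    for name, rules in (("source rules", SOURCE_RULES), ("iif rules", IIF_RULES)):
        for src, iif in (("192.168.119.100", "eth2"), ("192.168.120.100", "eth3")):
            print(name, src, iif, "->", route(rules, src, iif, dst))
```

On the router itself, `ip route get 198.51.100.7 from 192.168.120.100 iif eth3` asks the kernel the same question and prints the route it would actually use.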