Shorewall users - Jun 2003 - More than one interface in the net zone?

We are trying to do a setup with more than one interface to the net via
more than one isp.

Here is a link to a description of our latest efforts:


http://bslug.org/modules/news/article.php?storyid=7


We used this article:

http://www.samag.com/documents/s=1824/sam0201h/0201h.htm

as a starting point.

We have made decent progress, but most of us prefer shorewall as our
firewall and were wondering if anyone knew of any way to use shorewall
in this situation. A search on google turned up nothing usefull.

drew

On 15 Jun 2003 14:36:21 -0400, 100 jamz tech support 
<techz@tribunemedia.net> wrote:
> We are trying to do a setup with more than one interface to the net via
> more than one isp.
>
> Here is a link to a description of our latest efforts:
>
>
> http://bslug.org/modules/news/article.php?storyid=7
>
>
> We used this article:
>
> http://www.samag.com/documents/s=1824/sam0201h/0201h.htm
>
> as a starting point.
>
> We have made decent progress, but most of us prefer shorewall as our
> firewall and were wondering if anyone knew of any way to use shorewall
> in this situation. A search on google turned up nothing usefull.
The Shorewall part of such a configuration is really pretty trivial.

a) Include both external interfaces in /etc/shorewall/interfaces and 
associate them with the ''net'' zone.
b) Duplicate your entries in /etc/shorewall/masq so that masquerading/SNAT 
occurs on both external interfaces.
c) To disable routing between the two external interfaces, include "net net
NONE" in /etc/shorewall/policy.

-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ teastep@shorewall.net

On Sun, 15 Jun 2003 12:00:48 -0700, Tom Eastep <teastep@shorewall.net> 
wrote:

>
> The Shorewall part of such a configuration is really pretty trivial.
>
> a) Include both external interfaces in /etc/shorewall/interfaces and 
> associate them with the ''net'' zone.
> b) Duplicate your entries in /etc/shorewall/masq so that 
> masquerading/SNAT occurs on both external interfaces.
> c) To disable routing between the two external interfaces, include
"net
> net NONE" in /etc/shorewall/policy.
>
Note that you still have to set up the routing as described in the article 
you referred to -- the above just configures the firewall.

-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ teastep@shorewall.net

Thanks Tom,

we''ll give it a whirl and let everyone know how it works out.

On Sun, 2003-06-15 at 15:00, Tom Eastep wrote:
> On 15 Jun 2003 14:36:21 -0400, 100 jamz tech support 
> <techz@tribunemedia.net> wrote:
> 
> > We are trying to do a setup with more than one interface to the net
via
> > more than one isp.
> >
> > Here is a link to a description of our latest efforts:
> >
> >
> > http://bslug.org/modules/news/article.php?storyid=7
> >
> >
> > We used this article:
> >
> > http://www.samag.com/documents/s=1824/sam0201h/0201h.htm
> >
> > as a starting point.
> >
> > We have made decent progress, but most of us prefer shorewall as our
> > firewall and were wondering if anyone knew of any way to use shorewall
> > in this situation. A search on google turned up nothing usefull.
> 
> The Shorewall part of such a configuration is really pretty trivial.
> 
> a) Include both external interfaces in /etc/shorewall/interfaces and 
> associate them with the ''net'' zone.
> b) Duplicate your entries in /etc/shorewall/masq so that masquerading/SNAT 
> occurs on both external interfaces.
> c) To disable routing between the two external interfaces, include
"net net
> NONE" in /etc/shorewall/policy.
> 
> -Tom