Tom Eastep
2003-Aug-21 06:45 UTC
[Shorewall-users] Re: Fwd: Incoming request Lotus Notes with two ISP
On Thu, 2003-08-21 at 05:28, Vivian Ballan wrote:> > >Hi list, > >I have a firewall Shorewall 1.4.5 running with Suse 7.2(kernel > 2.4.20) and > >4 nic (2 net, 1 dmz, 1 loc). > >In loc, I have electronic mail Lotus Notes 5 with ISP A, and when > default > >gateway (in Linux firewall) points to ISP B, the mails outcome but > not > >income. > > > >I applied the paper "4.2 Routing for multiple uplinks/providers" and > it?s > >ok load balancing but not split access. Besides, I used the options > DNAT or > >ACCEPT with nat, allways wrong. > >Please, how do I do ? > > > >Thank You in advance > >Vivian > > > ______________________________________________________________________ > ?Est?s buscando un auto nuevo? Haz clic aqu?...-- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net
Tom Eastep
2003-Aug-21 07:04 UTC
[Shorewall-users] Re: Fwd: Incoming request Lotus Notes with two ISP
On Thu, 2003-08-21 at 06:45, Tom Eastep wrote:> On Thu, 2003-08-21 at 05:28, Vivian Ballan wrote: > > > > > >Hi list, > > >I have a firewall Shorewall 1.4.5 running with Suse 7.2(kernel > > 2.4.20) and > > >4 nic (2 net, 1 dmz, 1 loc). > > >In loc, I have electronic mail Lotus Notes 5 with ISP A, and when > > default > > >gateway (in Linux firewall) points to ISP B, the mails outcome but > > not > > >income. > > > > > >I applied the paper "4.2 Routing for multiple uplinks/providers" and > > it?s > > >ok load balancing but not split access. Besides, I used the options > > DNAT or > > >ACCEPT with nat, allways wrong. > > >Please, how do I do ?So long as you have both external interfaces defined in the ''net'' zone and are masquerading to both (assuming that''s what you do with your local net) then there is nothing more to do in Shorewall. If you are having problems, it is most likely in your routing setup. I personally have no experience with this type of configuration (one high-speed Internet connection is expensive enough for me) but I believe that some other list subscribers are doing this. -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net