Shorewall users - Mar 2004 - 2 ISPS

Quick question:

Is it better to set up the interfaces as:

net	eth0	detect	xxxxx,xxxx # isp 1
net	eth2	dectect	xxxxx,xxxx # isp 2
loc	eth1	dectect	xxxxx,xxxx


With rules for net and loc

or:

net	eth0	detect	xxxxx,xxxx # isp 1
net2	eth2	dectect	xxxxx,xxxx # isp 2
loc	eth1	dectect	xxxxx,xxxx

with rules for net, net2 and loc

I have iproute2 with the route tables to return packects to the sending
interface and the are both default equalized.

Thanks

--john

On Friday 19 March 2004 06:40 am, jhill@columbuscontainer.com
wrote:
> Quick question:
>
> Is it better to set up the interfaces as:
>
> net	eth0	detect	xxxxx,xxxx # isp 1
> net	eth2	dectect	xxxxx,xxxx # isp 2
> loc	eth1	dectect	xxxxx,xxxx
>
>
> With rules for net and loc
>
> or:
>
> net	eth0	detect	xxxxx,xxxx # isp 1
> net2	eth2	dectect	xxxxx,xxxx # isp 2
> loc	eth1	dectect	xxxxx,xxxx
>
> with rules for net, net2 and loc
>
> I have iproute2 with the route tables to return packects to the sending
> interface and the are both default equalized.
I prefer the first way unless you have reason to firewall the two connections 
differently. Either way, I suggest that you spell it "detect" rather
than
"dectect" :-)

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net