Hi,
I use Shorewall 2.4.7 on Mandriva 2006.0.
Here is my conf:
- ifconfig
eth0 Link encap:Ethernet HWaddr 00:50:04:4D:77:36
inet adr:10.0.90.1 Bcast:10.0.255.255 Masque:255.255.0.0
adr inet6: fe80::250:4ff:fe4d:7736/64 Scope:Lien
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
eth1 Link encap:Ethernet HWaddr 00:04:76:DF:01:48
inet adr:81.xxx.85.142 Bcast:81.xxx.85.143 Masque:255.255.255.240
adr inet6: fe80::204:76ff:fedf:148/64 Scope:Lien
eth2 Link encap:Ethernet HWaddr 00:0A:5E:4E:B4:78
inet adr:10.1.90.1 Bcast:10.1.255.255 Masque:255.255.0.0
adr inet6: fe80::20a:5eff:fe4e:b478/64 Scope:Lien
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
eth3 Link encap:Ethernet HWaddr 00:0A:5E:4E:B6:B1
inet adr:82.xxx.187.12 Bcast:82.xxx.187.255 Masque:255.255.255.0
adr inet6: fe80::20a:5eff:fe4e:b6b1/64 Scope:Lien
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
- route
Destination Passerelle Genmask Indic Metric Ref Use Iface
81.xxx.85.128 * 255.255.255.240 U 10 0 0 eth1
82.xxx.187.0 * 255.255.255.0 U 0 0 0 eth3
10.0.0.0 * 255.255.0.0 U 10 0 0 eth0
10.1.0.0 * 255.255.0.0 U 10 0 0 eth2
default 82.xxx.187.254 0.0.0.0 UG 0 0 0 eth3
- zone
#ZONE DISPLAY COMMENTS
net Net Internet zone
loc Local Local
dmz dmz dmz
free free free
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
- interface
#ZONE INTERFACE BROADCAST OPTIONS
loc eth0 detect ( 10.0.90.1 / 255.255.0.0 )
net eth1 detect ( 81.xxx.85.142 / 255.255.255.240 )
dmz eth2 detect ( 10.1.90.1 / 255.255.0.0 )
net2 eth3 detect ( 82.xxx.187.12 / 255.255.255.0 )
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
- policy
###############################################################################
#SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
$FW all ACCEPT
loc all ACCEPT
net all DROP info
net2 all DROP info
all all REJECT info
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
- Provider
###################################################################
#NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY
ISP1 1 1 main eth1 81.xxx.85.129 track,balance eth0,eth2
ISP2 2 2 main eth3 82.xxx.187.254 track,balance eth0,eth2
- tcrules
###############################################################
#MARK SOURCE DEST PROTO PORT(S) CLIENT USER TEST
# PORT(S)
1:P eth0 0.0.0.0/0 all
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
All works fine. All traffic from loc goes out via ISP1 ( zone net ). I would
like the traffic from loc ( eth0 ) to go out via ISP1 ( eth1 ) or ISP (
eth3 ) and not only via ISP1. I don't know how to do this.
I've tried to comment the line in tcrules, but then no traffic from loc
goes out.
Can you give me some information?
Thanks and happy new year.
Franck BAREL
FD Productions
Téléphone : 02 51 13 94 20
Télécopie : 02 51 13 94 29
E-Mail : franck@fdprod.com