Forgive for my bad English, but I´m Brazilian...
I am trying to configure the Shorewall to work with two links.
My network configuration is
auto eth0 eth1 eth2
iface eth0 inet static
address 192.168.0.9
netmask 255.255.255.0
broadcast 192.168.0.255
iface eth1 inet static
address 200.206.217.244
netmask 255.255.255.192
broadcast 200.206.217.255
gateway 200.206.217.193
iface eth2 inet static
address 200.154.3.10
netmask 255.255.255.0
broadcast 200.154.3.255
gateway 200.154.3.1
Where eth0=LAN, eth1=IPS1 and eth2=ISP2
My shorewall configuration is:
/etc/shorewall/shorewall.conf
IP_FORWARDING=On
TC_ENABLED=Yes
/etc/shorewall/zones
fw firewall
net ipv4
loc ipv4
/etc/shorewall/interfaces
loc eth0 detect
net eth1 detect routeback
net eth2 detect routeback
/etc/shorewall/policy
loc all ACCEPT
fw all ACCEPT
net all DROP info
/etc/shorewall/masq (I DISTRUST THAT THE PROBLEM IS HERE)
eth1 200.154.3.10 200.206.217.244
eth2 200.206.217.244 200.154.3.10
eth1 eth0 200.206.217.244
eth2 eth0 200.154.3.10
/etc/shorewall/providers
ISP1 1 1 main eth1 200.206.217.244 track,balance eth0
ISP2 2 2 main eth2 200.154.3.1 track,balance eth0
/etc/shorewall/tcrules
1:P eth0 0.0.0.0/0 all
This tcrules is only for test, in production it will be marked determined
packages for determined interfaces.
With the configuration above, I do not obtain to have access the InterNet. What
can be wrong?
_____________________________________________________
Keny Hayakawa Schmeling
Diretor Comercial/Administravivo
Tel: 5566-1465
Fax: 5566-6541
http://www.optinfo.com.br
kenyhs@optinfo.com.br
_/_/_/ _/_/_/ _/_/_/ _/ _/ _/ _/_/_/ _/_/_/
_/ _/ _/ _/ _/ _/ _/_/ _/ _/ _/ _/
_/ _/ _/_/_/ _/ _/ _/ _/_/ _/_/ _/ _/
_/_/_/ _/ _/ _/ _/ _/ _/ _/_/_/
TECNOLOGIA EM INFORMÁTICA LTDA.
-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
I am newbie, but I think the correct in the masq file is:
eth1 192.168.0.9/24 200.206.217.244
eth2 192.168.0.9/24 200.154.3.10
or
eth1 eth0 200.206.217.244
eth2 eth0 200.154.3.10
Andrés
----- Original Message -----
From: "Keny Schmeling" <kenyhs@optinfo.com.br>
To: <shorewall-users@lists.sourceforge.net>
Sent: Friday, March 10, 2006 8:42 AM
Subject: [Shorewall-users] Two links
Forgive for my bad English, but I´m Brazilian...
I am trying to configure the Shorewall to work with two links.
My network configuration is
auto eth0 eth1 eth2
iface eth0 inet static
address 192.168.0.9
netmask 255.255.255.0
broadcast 192.168.0.255
iface eth1 inet static
address 200.206.217.244
netmask 255.255.255.192
broadcast 200.206.217.255
gateway 200.206.217.193
iface eth2 inet static
address 200.154.3.10
netmask 255.255.255.0
broadcast 200.154.3.255
gateway 200.154.3.1
Where eth0=LAN, eth1=IPS1 and eth2=ISP2
My shorewall configuration is:
/etc/shorewall/shorewall.conf
IP_FORWARDING=On
TC_ENABLED=Yes
/etc/shorewall/zones
fw firewall
net ipv4
loc ipv4
/etc/shorewall/interfaces
loc eth0 detect
net eth1 detect routeback
net eth2 detect routeback
/etc/shorewall/policy
loc all ACCEPT
fw all ACCEPT
net all DROP info
/etc/shorewall/masq (I DISTRUST THAT THE PROBLEM IS HERE)
eth1 200.154.3.10 200.206.217.244
eth2 200.206.217.244 200.154.3.10
eth1 eth0 200.206.217.244
eth2 eth0 200.154.3.10
/etc/shorewall/providers
ISP1 1 1 main eth1 200.206.217.244 track,balance eth0
ISP2 2 2 main eth2 200.154.3.1 track,balance eth0
/etc/shorewall/tcrules
1:P eth0 0.0.0.0/0 all
This tcrules is only for test, in production it will be marked determined
packages for determined interfaces.
With the configuration above, I do not obtain to have access the InterNet.
What can be wrong?
_____________________________________________________
Keny Hayakawa Schmeling
Diretor Comercial/Administravivo
Tel: 5566-1465
Fax: 5566-6541
http://www.optinfo.com.br
kenyhs@optinfo.com.br
_/_/_/ _/_/_/ _/_/_/ _/ _/ _/ _/_/_/ _/_/_/
_/ _/ _/ _/ _/ _/ _/_/ _/ _/ _/ _/
_/ _/ _/_/_/ _/ _/ _/ _/_/ _/_/ _/ _/
_/_/_/ _/ _/ _/ _/ _/ _/ _/_/_/
TECNOLOGIA EM INFORMÁTICA LTDA.
-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=k&kid0944&bid$1720&dat1642
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642