bulls eye!
great help, now, i remember when the providers file
originally came out the documentation stated that i
should use "balance" option even if i don''t want to
balance, but in practice, it was just a mess with the
tcrules and without balance it worked like i needed
to, but what are the drawbacks of not specifying
"balance" on my providers files?
thanks a lot
Alberto Sierra
>From: Tom Eastep <teastep@shorewall.net>
> To: Shorewall Users
> <shorewall-users@lists.sourceforge.net>
> Date: Sun, 03 Sep 2006 17:14:41 -0700
> Subject: Re: [Shorewall-users] dnat thru second
> provider
>
> Alberto Sierra wrote:
> >> Without seeing the details of your setup, it''s
> >> impossible to say.
> >> Please
> >> see http://www.shorewall.net/support.htm for
> detailed
> >> problem reporting
> >> instructions.
> >>
> >> -Tom
> >
> > sorry, i haven''t posted in a very long time, im
> > attaching the shorewall dump, im trying to make a
> DNAT
> > connection from any external ip address (home,
> road)
> > thru the ip address of the second provider
> > (216.194.173.173, eth3) on port 2000 (doesn''t have
> to
> > be this port) to a server on the inside network
> > (10.1.1.13, eth0).
> >
> > for some reason it just gives me time out.
> >
> > thanks for your help.
>
> If you don''t set ''balance'' on your providers,
then
> you may not use
> ''route_filter'' on their interfaces. Don''t
specify
> ''route_filter'' on eth3
> (and if you are not specifying route_filter'' on that
> interface then you
> must disable all "IP address spoofing" measures that
> your distribution
> provides.
>
> -Tom
> --
> Tom Eastep \ Nothing is foolproof to a
> sufficiently talented fool
> Shoreline, \ http://shorewall.net
> Washington USA \ teastep@shorewall.net
> PGP Public Key \
> https://lists.shorewall.net/teastep.pgp.key
>
> > From: Tom Eastep <teastep@shorewall.net>
> To: Shorewall Users
> <shorewall-users@lists.sourceforge.net>
> Date: Mon, 04 Sep 2006 11:23:01 -0700
> Subject: Re: [Shorewall-users] dnat thru second
> provider
>
> Tom Eastep wrote:
> >
> > If you don''t set ''balance'' on your
providers, then
> you may not use
> > ''route_filter'' on their interfaces. Don''t
specify
> ''route_filter'' on eth3
> > (and if you are not specifying route_filter'' on
> that interface then you
> > must disable all "IP address spoofing" measures
> that your distribution
> > provides.
>
> FYI: The option is ''routefilter'', not
> ''route_filter''.
>
> -Tom
> --
> Tom Eastep \ Nothing is foolproof to a
> sufficiently talented fool
> Shoreline, \ http://shorewall.net
> Washington USA \ teastep@shorewall.net
> PGP Public Key \
> https://lists.shorewall.net/teastep.pgp.key
>
> >
-------------------------------------------------------------------------> Using Tomcat but need to do more? Need to support
> web services, security?
> Get stuff done quickly with pre-integrated
> technology to make your job easier
> Download IBM WebSphere Application Server v.1.0.1
> based on Apache Geronimo
>
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642>
_______________________________________________> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
>
https://lists.sourceforge.net/lists/listinfo/shorewall-users>
-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642