Hello all,

I'm new to this list. I've been using shorewall for ~3 years, and all this time I didn't have any need to subscribe to the list, since all the necessary information I could find in the FAQ or Google. But now I have a question.

I configured shorewall to use 2 ISPs. Everything is OK, but one day one mail server decided to add reverse checks, and my mail server, which is in the DMZ, started to get errors, because one time it gets to the other mail server via ISP1 and the other time via ISP2, and DNS reverse could be configured only for one ISP.

My question: how to set up shorewall to use 2 ISPs for all the outgoing connections except for the mail server, DPT 25? If I could do this, I could make my mail server send mail only through ISP1 and all my problems would be gone.

Thanks a lot for any hint.

liutauras

On 9/5/06, Liutauras Adomaitis <liutauras@infosaitas.lt> wrote:
> Hello all,
>
> I'm new to this list. I'm using shorewall for ~3 years, and all this time I
> didn't have any need to subscribe to list, since all the necessary
> information I could find in FAQ or Google.

And this too is answered in the FAQ! At the end of the example listed at
http://shorewall.net/MultiISP.html#id2509729, copied here for convenience....

***************
Now suppose that you want to route all outgoing SMTP traffic from your local network through ISP 2. You would make this entry in /etc/shorewall/tcrules (and if you are running a version of Shorewall earlier than 3.0.0, you would set TC_ENABLED=Yes in /etc/shorewall/shorewall.conf).

#MARK   SOURCE            DEST        PROTO   PORT(S)   CLIENT    USER   TEST
#                                                       PORT(S)
2:P     <local network>   0.0.0.0/0   tcp     25
****************

The mark (2 in this case) will change to whichever interface you are using. The source needs to change to the IP of your mail server, or the DMZ as appropriate.

Hope that helps!
Prasanna.

On 9/5/06, Liutauras Adomaitis <liutauras@infosaitas.lt> wrote:
> Hello all,
>
> I'm new to this list. I'm using shorewall for ~3 years, and all this time I
> didn't have any need to subscribe to list, since all the necessary
> information I could find in FAQ or Google. But now I have a question.
> I configured shorewall to use 2 ISP's. Every thing is ok, but one day one mail
> server decided to add reverse checks and my mail server which is in the DMZ
> started get errors, because one time he gets to other mail server via ISP1
> the other time via ISP2, and DNS revers could be configured only for one ISP.

While you may have read the FAQ and googled it, did you try the shorewall docs? For your case, it could be useful to read
http://www.shorewall.net/MultiISP.html
and
http://www.shorewall.net/traffic_shaping.htm#tcrules

Basically, you need to configure both the tcrules and providers files carefully enough just to allow one ISP to do the SMTP traffic and leave the rest of the other traffic to ISP2.

Hope this helps.
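
The tcrules entry quoted in the thread, adapted to the original question (SMTP from the DMZ mail server pinned to ISP1, all other traffic still balanced across both providers), as an added example that is not part of any list message. The provider names, numbers and marks, the interfaces eth0/eth1/eth2, the gateways and the mail server address 10.10.10.25 are assumptions; the column layout follows the Shorewall 3.x MultiISP documentation linked in the thread.

```conf
# Added example, not from the list messages. All addresses, interface
# names and provider numbers below are constructed placeholders.

# /etc/shorewall/providers
# eth0 faces ISP1, eth1 faces ISP2, eth2 is the DMZ (assumed layout).
#NAME   NUMBER  MARK    DUPLICATE   INTERFACE   GATEWAY         OPTIONS         COPY
ISP1    1       1       main        eth0        192.0.2.254     track,balance   eth2
ISP2    2       2       main        eth1        198.51.100.254  track,balance   eth2

# /etc/shorewall/tcrules
# Mark 1 selects provider ISP1 (MARK column above). The :P suffix applies
# the mark in PREROUTING, so SOURCE is the mail server's own DMZ address.
#MARK   SOURCE          DEST        PROTO   PORT(S)   CLIENT    USER   TEST
#                                                     PORT(S)
1:P     10.10.10.25     0.0.0.0/0   tcp     25
```

Only outbound TCP port 25 from the mail server is pinned, so the PTR record needs to exist only for the ISP1 address that this traffic leaves from.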