Tom thanks much for your previous comment. I looked at the man pages and did what you suggested. I must be missing something. Currently these are the non working configs I have to achieve the previous NAT scenario. masq: eth2 eth3 134.215.230.226 eth1 eth0 134.215.238.202 providers: TDS1 1 1 main eth1 134.215.238.201 - eth3 TDS2 2 2 main eth2 134.215.230.225 - eth0 route_rules: eth3 - TDS1 1000 eth0 - TDS2 1000 With eth0 and eth3 of course being the different rfc 1918 nets I want to NAT through the same machine. Thanks for your comments. Michael ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
Michael Cozzi wrote:> Tom thanks much for your previous comment. I looked at the man pages > and did what you suggested. I must be missing something. > > Currently these are the non working configs I have to achieve the > previous NAT scenario.Two things: a) You say these are "non-working" but you give us absolutely no clue as to how they are not working. How do you expect us to help you if you don''t even tell us what you tried, what you expected to happen and what actually happened? b) At http://www.shorewall.net/support.htm, I specifically say: Please do not include Shorewall configuration files unless you have been specifically asked to do so. The output of shorewall dump collected as described above is much more useful. So please help us help you and: a) Collect the output of "shorewall dump" as described at http://www.shorewall.net/support.htm#Guidelines b) Explain to us how this configuration is failing. Thanks, -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
On Sun, 2007-07-08 at 16:29 -0700, Tom Eastep wrote:> > So please help us help you and: > > a) Collect the output of "shorewall dump" as described at > http://www.shorewall.net/support.htm#Guidelines > > b) Explain to us how this configuration is failing. >Thank you Tom, I''ll try to be more meticulous about this. I''m unable to get any connection out of the network on either the 192.168.0.0 network or 192.168.1.0 network. Communication from the firewall is fine, through the interface that has a gateway assigned to it. What I''m trying to have happen here is having the networks 192.168.0.0 and 192.168.1.0 be masq''d to separate providers, no balancing, just straight NAT. The dump is attached. Thanks again. ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
Hi, may be a stupid remark but ... Michael Cozzi a écrit :> Tom thanks much for your previous comment. I looked at the man pages > and did what you suggested. I must be missing something. > > Currently these are the non working configs I have to achieve the > previous NAT scenario. > > masq: > > eth2 eth3 134.215.230.226 > eth1 eth0 134.215.238.202 > >shouldn''t it be : eth1 eth3 134.215.230.226 eth2 eth0 134.215.238.202> providers: > > TDS1 1 1 main eth1 134.215.238.201 - eth3 > TDS2 2 2 main eth2 134.215.230.225 - eth0 > > route_rules: > > eth3 - TDS1 1000 > eth0 - TDS2 1000 > > With eth0 and eth3 of course being the different rfc 1918 nets I want to > NAT through the same machine. > > Thanks for your comments. > > Michael > >MaNU> ------------------------------------------------------------------------- > This SF.net email is sponsored by DB2 Express > Download DB2 Express C - the FREE version of DB2 express and take > control of your XML. No limits. Just data. Click to get it now. > http://sourceforge.net/powerbar/db2/ > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users > >------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
Michael Cozzi wrote:> On Sun, 2007-07-08 at 16:29 -0700, Tom Eastep wrote: >> So please help us help you and: >> >> a) Collect the output of "shorewall dump" as described at >> http://www.shorewall.net/support.htm#Guidelines >> >> b) Explain to us how this configuration is failing. >> > > Thank you Tom, I''ll try to be more meticulous about this. > > I''m unable to get any connection out of the network on either the > 192.168.0.0 network or 192.168.1.0 network. Communication from the > firewall is fine, through the interface that has a gateway assigned to > it. > > What I''m trying to have happen here is having the networks 192.168.0.0 > and 192.168.1.0 be masq''d to separate providers, no balancing, just > straight NAT. > > The dump is attached. Thanks again.Another user has already spotted the problem that is preventing local lan access to the net and has posted a solution on the list. The two local LANs cannot communicate either, that will be corrected by listing both local interfaces in the COPY column in both providers. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
Tom Eastep wrote:> Michael Cozzi wrote: >> On Sun, 2007-07-08 at 16:29 -0700, Tom Eastep wrote: >>> So please help us help you and: >>> >>> a) Collect the output of "shorewall dump" as described at >>> http://www.shorewall.net/support.htm#Guidelines >>> >>> b) Explain to us how this configuration is failing. >>> >> Thank you Tom, I''ll try to be more meticulous about this. >> >> I''m unable to get any connection out of the network on either the >> 192.168.0.0 network or 192.168.1.0 network. Communication from the >> firewall is fine, through the interface that has a gateway assigned to >> it. >> >> What I''m trying to have happen here is having the networks 192.168.0.0 >> and 192.168.1.0 be masq''d to separate providers, no balancing, just >> straight NAT. >> >> The dump is attached. Thanks again. > > Another user has already spotted the problem that is preventing local > lan access to the net and has posted a solution on the list.Basically, you have defined NAT for two pairs of interfaces while you have defined routing rules for two different pairs. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/