Mike Lander wrote:> I am building a shorewall box that the last post has the SSH error and
> wanted
> some feedback from the list if possible. At first I thought the two
ISP''s
> I
> building this
> for had two T-1''s with FQ ip''s as it. I have the box
built for this ready
> to
> go.
> Now I find out that one of the T-1''s is non-routed with 5
useable ips
> /29--Good
> the other T-1 is natted in using one of the local lan Ip''s. Both
full
> T-1''s-----Not so Good
> The Idea is to load balance and route specific stuff like mail etc:
> The second ISP will NOT give me a FQ ip. Shorewall fits the bill
> perfect for this need.
> Currently the network is using routeback and static routes
> to route specific traffic to the natted ISP gateway. The only solution I
> could
> think of was, I asked the ISP if they could change the currently
> natted gateway (lan ip on internal) to a different Class 3 IP such as
> 10.15.75.1
> then I could configure my second ISP to the same network
> 10.15.75.2 and track and balance the routes.
> Now would there be a better way to do this and leave the
> Natted ISP with the same IP as the lan (loc) if ??
>
I think you had better stick with your first idea (get the network number
changed); otherwise, you bound to end up in ARP/routing hell.
-Tom Jumped Ships
foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
BTW to the list,
I do not know if its not cool to post this but if it is I could
same some valueable time. I have spent two weeks on this firewall.
Because Fedora Core 7 and 6 would not work with Samba as a PDC.
There where bugs that caused weird problems and it has been posted to
the Fedora team.
The Samba lead Documenter John T from the Samba team helped
me for around 10 hours alone on the phone to get the box right for
Samba to work. But at the end it would not let the box itself join
the domain. Then I switched to Suse, what a dream system.
John found me buy searching for my email address.
and I felt priveledged to be contacted from a email list by him.
After switching to Suse what a difference (Kde desktop rocks)
as well as Yast2 for updates and packages. I think Unbuntu will work too
(for Samba)
Anyway not to use the lists time for off topic.
my hat is off to Suse just loading and configuring shorewall worked with the
stock Rpm, loaded so
fast with the new Perl compiler about (about one second shorewall restart)
with muli-ISp and tcrules. I think Tom asked about how the rpms work
with Suse no trouble here. Just the word wrap issue today with SSHknocking.
Which probalbly was my fault.
Shorewall Rock,
Thanks
Mike
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/