Brian J. Murrell
2011-Mar-10 12:17 UTC
multi-isp and preventing certain traffic on a given connection
I have a multi-isp configuration:

CGCO 1 256 main $CGCOIF detect track,balance br-lan,tun0
IGS 2 512 main $IGSIF detect track,fallback br-lan,tun0

where I force SMTP out one of the connections:

512:P br-lan - tcp 25

But the effect of that of course is that if IGS goes down, SMTP will leak out of the CGCO connection. How can I prevent that?

Cheers,
b.
Tom Eastep
2011-Mar-10 14:34 UTC
Re: multi-isp and preventing certain traffic on a given connection
On 3/10/11 4:17 AM, Brian J. Murrell wrote:
> I have a multi-isp configuration:
>
> CGCO 1 256 main $CGCOIF detect track,balance br-lan,tun0
> IGS 2 512 main $IGSIF detect track,fallback br-lan,tun0
>
> where I force SMTP out one of the connections:
>
> 512:P br-lan - tcp 25
>
> But the effect of that of course is that if IGS goes down, SMTP will
> leak out of the CGCO connection. How can I prevent that?

REJECT rule.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
Brian J. Murrell
2011-Mar-10 16:36 UTC
Re: multi-isp and preventing certain traffic on a given connection
On 11-03-10 09:34 AM, Tom Eastep wrote:
>
> REJECT rule.

Indeed, that is where I was going but then got stumped at the point where I needed a reject rule that specifies the LAN as the source network and the egress interface of the router, somehow.

Am I missing something obvious?

b.
Tom Eastep
2011-Mar-10 21:26 UTC
Re: multi-isp and preventing certain traffic on a given connection
On 3/10/11 8:36 AM, Brian J. Murrell wrote:
> On 11-03-10 09:34 AM, Tom Eastep wrote:
>>
>> REJECT rule.
>
> Indeed, that is where I was going but then got stumped at the point
> where I needed a reject rule that specifies the LAN as the source
> network and the egress interface of the router, somehow.
>
> Am I missing something obvious?

http://www.shorewall.net/configuration_file_basics.htm#SOURCE-DEST

-Tom
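
The kind of rule the thread points toward, as an added example that is not part of the original posts: Shorewall's rules file accepts zone:interface in the DEST column, so new SMTP connections from the LAN can be rejected whenever routing would send them out the CGCO interface. The zone names loc and net and the file path are assumptions; $CGCOIF is the variable already used in the providers entries quoted above.

```conf
# /etc/shorewall/rules (added example; zone names "loc" and "net" are assumed)
# With IGS down, the 512:P mark no longer selects a usable route and SMTP
# falls back to CGCO; this rule rejects it on that egress interface instead.
#ACTION   SOURCE   DEST          PROTO   DPORT
REJECT    loc      net:$CGCOIF   tcp     25
```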