Shorewall users - Jan 2012 - Two ISPs configuration problem

Hi everyone,

I''m have experienced some problems since a installed a second ISP on my
network.

ISP1     1       1       main    eth0    xxx.xxx.xxx.xxx  
track,balance=1       eth2,eth3
ISP2     2       2       main    eth1    xxx.xxx.xxx.xxx  
track,balance=3       eth2,eth3

ISP1 = 2Mbit / 13 valid ips
ISP2 = 4Mbit / 5 valid ips

I want to use just ISP2 for all outgoing connections. However, my SMTP 
messages must use one of ISP1 valid IPs. Moreover, ISP1 must take over 
if the primary link fails.

I tried to use this configuration in tcrules file:

MARK           SOURCE          DEST            PROTO   PORT(S) CLIENT  
USER    TEST
#                                                               PORT(S)
1:P     192.168.1.2             0.0.0.0/0       tcp     smtp,smtps # FOR 
SMTP MAIL SERVER

My masq file is working like this:

#INTERFACE              SOURCE          ADDRESS         PROTO   PORT(S) 
IPSEC   MARK
eth1                    0.0.0.0/0       xxx.xxx.xxx.xxx
eth0                    0.0.0.0/0       xxx.xxx.xxx.xxx
eth0:2                  192.168.1.2     xxx.xxx.xxx.xxx   tcp     
smtp,smtps # FOR SMTP MAIL SERVER

At this moment, I''m having problems sending e-mails to other servers.

Thanks for your help.

Best regards,

João


------------------------------------------------------------------------------
Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don''t need a
complex
infrastructure or vast IT resources to deliver seamless, secure access to
virtual desktops. With this all-in-one solution, easily deploy virtual 
desktops for less than the cost of PCs and save 60% on VDI infrastructure 
costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox

On Mon, 2012-01-09 at 15:48 -0200, João Alberto Kuchnier
wrote:
> Hi everyone,
> 
> I''m have experienced some problems since a installed a second ISP
on my
> network.
> 
> ISP1     1       1       main    eth0    xxx.xxx.xxx.xxx  
> track,balance=1       eth2,eth3
> ISP2     2       2       main    eth1    xxx.xxx.xxx.xxx  
> track,balance=3       eth2,eth3
> 
> ISP1 = 2Mbit / 13 valid ips
> ISP2 = 4Mbit / 5 valid ips
> 
> I want to use just ISP2 for all outgoing connections. However, my SMTP 
> messages must use one of ISP1 valid IPs. Moreover, ISP1 must take over 
> if the primary link fails.
> 
> I tried to use this configuration in tcrules file:
> 
> MARK           SOURCE          DEST            PROTO   PORT(S) CLIENT  
> USER    TEST
> #                                                               PORT(S)
> 1:P     192.168.1.2             0.0.0.0/0       tcp     smtp,smtps # FOR 
> SMTP MAIL SERVER
> 
> My masq file is working like this:
> 
> #INTERFACE              SOURCE          ADDRESS         PROTO   PORT(S) 
> IPSEC   MARK
> eth1                    0.0.0.0/0       xxx.xxx.xxx.xxx
> eth0                    0.0.0.0/0       xxx.xxx.xxx.xxx
> eth0:2                  192.168.1.2     xxx.xxx.xxx.xxx   tcp     
> smtp,smtps # FOR SMTP MAIL SERVER
> 
> At this moment, I''m having problems sending e-mails to other
servers.
Please send me the output of ''shorewall dump'' collected as
described at
http://www.shorewall.net/support.htm#Guidelines.

Thanks,
-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________




------------------------------------------------------------------------------
Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don''t need a
complex
infrastructure or vast IT resources to deliver seamless, secure access to
virtual desktops. With this all-in-one solution, easily deploy virtual 
desktops for less than the cost of PCs and save 60% on VDI infrastructure 
costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox