Dear list,
my box is a Debian Lenny (4.0) with the stock Shorewall (3.2.6-2). I cannot upgrade right now so please don't tell me "first upgrade!" :)

I managed to have Multiple-ISP working, and I'm driving web traffic (HTTP and HTTPS) thru one provider and mail traffic (GMail IMAPS/SMTPS) to the other one. My LAN (eth1) is masqueraded behind two NICs, eth0 (first provider) and eth4 (second one).

I would like to force all traffic generated from my PC (one IP in the eth1 network) to go thru one ISP only. My tcrules looks like this:

    2     eth1:<my_IP>
    #
    # GMAIL
    2:P   eth1    0.0.0.0/0    tcp    993
    2:P   eth1    0.0.0.0/0    tcp    465
    # WEB
    1:P   eth1    0.0.0.0/0    tcp    80
    1:P   eth1    0.0.0.0/0    tcp    443
    1     $FW     0.0.0.0/0    tcp    80
    1     $FW     0.0.0.0/0    tcp    443

Despite this, I cannot manage to get this to work. If I connect e.g. to speedtest.net I always see the public IP associated with my first ISP (1) and not the second one, as I would like.

Could anybody help me? Where am I wrong? Maybe on my box this is not achievable?

TIA
Alessandro

On 02/16/2012 12:45 AM, Alessandro Faglia wrote:
> Dear list,
> my box is a Debian Lenny (4.0) with the stock Shorewall (3.2.6-2). I cannot
> upgrade right now so please don't tell me "first upgrade!" :)
>
> I managed to have Multiple-ISP working, and I'm driving web traffic (HTTP
> and HTTPS) thru one provider and mail traffic (GMail IMAPS/SMTPS) to the
> other one. My LAN (eth1) is masqueraded behind two NICs, eth0 (first
> provider) and eth4 (second one).
>
> I would like to force all traffic generated from my PC (one IP in the eth1
> network) to go thru one ISP only. My tcrules looks like this:
>
>     2     eth1:<my_IP>
>     #
>     # GMAIL
>     2:P   eth1    0.0.0.0/0    tcp    993
>     2:P   eth1    0.0.0.0/0    tcp    465
>     # WEB
>     1:P   eth1    0.0.0.0/0    tcp    80
>     1:P   eth1    0.0.0.0/0    tcp    443
>     1     $FW     0.0.0.0/0    tcp    80
>     1     $FW     0.0.0.0/0    tcp    443
>
> Despite this, I cannot manage to get this to work. If I connect e.g. to
> speedtest.net I always see the public IP associated with my first ISP (1) and
> not the second one, as I would like.
>
> Could anybody help me? Where am I wrong? Maybe on my box this is not
> achievable?

Put the rule for your IP address *last*; the tcrules file is 'last match wins'.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

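The effect of rule order described in the reply above, as an added example that is not part of the original thread: a small Python model that applies tcrules-style lines in file order and lets each match overwrite the mark. Assumptions: 192.0.2.10 is a constructed stand-in for <my_IP>, a DEST column of 0.0.0.0/0 is assumed on the per-host rule, and the model treats all rules as one chain and leaves out the $FW rules.

```python
import ipaddress

# Constructed sample: the rules from the question, with 192.0.2.10 standing in
# for <my_IP> and a DEST column of 0.0.0.0/0 assumed on the per-host rule.
ORIGINAL = """\
2     eth1:192.0.2.10  0.0.0.0/0
# GMAIL
2:P   eth1             0.0.0.0/0  tcp  993
2:P   eth1             0.0.0.0/0  tcp  465
# WEB
1:P   eth1             0.0.0.0/0  tcp  80
1:P   eth1             0.0.0.0/0  tcp  443
"""

def parse(text):
    """Turn tcrules-style lines into (mark, iface, net, proto, port) tuples.
    DEST is not evaluated: it is 0.0.0.0/0 on every rule in the sample."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        f = line.split() + ["-"] * 5          # pad omitted columns
        mark = int(f[0].split(":")[0])        # drop the :P chain designator
        iface, _, host = f[1].partition(":")
        net = ipaddress.ip_network(host) if host else None
        proto = None if f[3] == "-" else f[3]
        port = None if f[4] == "-" else int(f[4])
        rules.append((mark, iface, net, proto, port))
    return rules

def final_mark(rules, iface, src, proto, dport):
    """Apply every rule in file order; each match overwrites the mark."""
    mark, addr = 0, ipaddress.ip_address(src)
    for m, r_iface, net, r_proto, r_port in rules:
        if (r_iface == iface
                and (net is None or addr in net)
                and (r_proto is None or r_proto == proto)
                and (r_port is None or r_port == dport)):
            mark = m                          # last match wins
    return mark

def host_rule_last(rules):
    """Reorder so that per-host rules come after the interface-wide ones."""
    return ([r for r in rules if r[2] is None]
            + [r for r in rules if r[2] is not None])

if __name__ == "__main__":
    rules = parse(ORIGINAL)
    for name, rs in (("as posted", rules), ("host rule last", host_rule_last(rules))):
        print(name, final_mark(rs, "eth1", "192.0.2.10", "tcp", 80))
```

With the rules as posted, the host's port-80 traffic ends up with mark 1 because the WEB rule matches after the host rule; with the host rule moved to the end it keeps mark 2.
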
On Thu, Feb 16, 2012 at 4:32 PM, Tom Eastep <teastep@shorewall.net> wrote:
>
> Put the rule for your IP address *last*; the tcrules file is 'last match
> wins'.
>

I found this, and I had also to exclude the host from a REDIRECT for the Squid transparent proxy which was preventing the web traffic to flow directly thru this provider.

Many thanks, it's working!

Bye.
Alessandro

On 17/02/2012 04:09, Alessandro Faglia wrote:
> On Thu, Feb 16, 2012 at 4:32 PM, Tom Eastep <teastep@shorewall.net> wrote:
>
> > Put the rule for your IP address *last*; the tcrules file is 'last
> > match wins'.
>
> I found this, and I had also to exclude the host from a REDIRECT for
> the Squid transparent proxy which was preventing the web traffic to
> flow directly thru this provider.
>
> Many thanks, it's working!
>

You don't need to exclude it from the redirect rule, just have to configure it also inside squid, using tcp_outgoing_address

http://www.squid-cache.org/Doc/config/tcp_outgoing_address/

HTH
Pablo.

On Fri, Feb 17, 2012 at 11:51 AM, Pablo Sebastian Greco <shorewall@fliagreco.com.ar> wrote:
>
> You don't need to exclude it from the redirect rule, just have to
> configure it also inside squid, using tcp_outgoing_address [...]
>

I don't know if it'd help, because I need this to work for one device only, and not for all users' workstations sharing the same proxy (which is running btw on the same box).

That's why I think this is the only way.

Thanks.
Alessandro

On Fri, Feb 17, 2012 at 12:21 PM, Alessandro Faglia <alessandro.faglia@serioplast.com> wrote:
> On Fri, Feb 17, 2012 at 11:51 AM, Pablo Sebastian Greco <
> shorewall@fliagreco.com.ar> wrote:
>>
>> You don't need to exclude it from the redirect rule, just have to
>> configure it also inside squid, using tcp_outgoing_address [...]
>>
>
> I don't know if it'd help, because I need this to work for one device
> only, and not for all users' workstations sharing the same proxy (which is
> running btw on the same box).
>

Sorry I read just now the second half of your link. Well, it should work. I'll give a try.

Thanks again.
Alessandro