Displaying 20 results from an estimated 20000 matches similar to: "nat for nonconnected network"
2004 Sep 09
0
src routing question
Howzit guys,
I have a question that has been boggling my mind:
I have 2 servers (firewalls)
1 server connected to main ISP and another to another ISP (only certain
traffic 195.0.0.0/8)
Server 1 to main ISP:
lan: eth0 192.168.1.0/24
outside: eth1 196.15.203.194/30 gw 196.15.203.193
DMZ: eth3 196.16.202.209/28 (mailservers etc )
private: eth4 10.0.10.2/24
Server 2 to second ISP (
2005 Jun 22
0
RE: Q: Routing the Same IP simultaneously on different computers?
Hi,
First, never compare a linux box with a cheap and dumb broadband router.
I'm not sure if I understand very well your scenario but I assume is like
this:
192.168.0.1---------
-----------| ipsec |
| ---------
128.X.X.X --------- 192.168.0.254 |
ISP ----------| linux |------------------|
--------- | ---------
2004 Jul 25
0
Re: Help in understanding routing/tables/chains
Jens wrote:
>I am trying to trace a problem I have in redirecting my mail traffic to a
>different ISP. I have set up a whole bunch of logging rules but am still a
>bit mystified and could use some clarification....
>
>The setup (shortened somewhat for this example):
>Cable connection coming into a firewall/router going to a mail server in the
>DMZ.
>The interface on the
2007 Sep 25
7
DNAT PREROUTING issue with IPTABLES
Hi,
I have a DNAT ISSUE with PREROUTING.
This is my setup.
I have 2 firewalls running iptables.
Pls assume 1.2.3.4/29 is the internet interface of FIRST firewall.
2.3.4.5/29 is the internet interface of SECOND firewall. It has DMZ zone. In
that DMZ zone, mail server running @ 192.168.100.3
Now I want to DNAT port 25 of FIRST firewall (i.e. - its IP address -
1.2.3.4/29) to the internet ip
2004 Dec 07
0
Problems with incoming routing
Hi there,
I am having issues with inbound connections to our DMZ webserver. It is behind a firewall/gateway setup to load balance over 2 ISP connections and DNAT the requests to the DMZ address (10.0.0.x).
But for some reason the connection is going into the firewall and then being routed out of the other connection rather than to the DMZ. Not 100% of the time, but enough to cause issues!
Anyone
2006 Nov 02
0
src routing and fwmark
Hi,
I've got 2 lines from two different ISP's, one is a leased line and another a
DSL line,
I route certain ips over the DSL line for faster access and would like
email to go over the leased line as it has a static ip and is our sending
mailserver ip
I would like to send mail to the same ips that is routed over DSL via the
leased line, otherwise my server gets blacklisted with
2004 Nov 15
3
source policy routing going to wrong path
Hi,
Below is my Linux firewall network configuration: -
eth0 - isp 1, IP: 1.1.1.10, Netmask: 255.255.255.252
eth1 - isp 2, IP: 2.2.2.10, Netmask: 255.255.255.252
eth2 - lan, IP: 172.16.0.254, Netmask: 255.255.255.0
eth3 - dmz, 192.168.0.254, Netmask: 255.255.255.0
isp 1 gateway: 1.1.1.9
isp 2 gateway: 2.2.2.9
Below is my iptables rules: -
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables
2007 Dec 12
1
Re: LARTC Digest, Vol 34, Issue 12
Hey Marek,
I know that I must work with the INGRESS (instead of EGRESS), I've well
formed my kernel. My other TC rules for source IP address (not for MAC
address) do work fine...!!!, the problem is with the MAC because is a not
"IP PROTOCOL" and for that I must use the "u32/u16 match" to solve it,
and if I make an analogy from my other INGRESS rules applied to Src
2007 Oct 05
3
DNAT rule for vsftp (PASSIVE FTP)
Hi all,
I want to run vsftp behind a firewall (i.e. DMZ zone). It is running as
passive ftp.
The theory behind passive ftp is,
- FTP server's port 21 from anywhere (Client initiates connection)
- FTP server's port 21 to ports > 1024 (Server responds to client's
control port)
- FTP server's ports > 1024 from anywhere (Client initiates data
2004 Sep 02
6
Split 2 ISP strange routing problem
Dear all Lartc,
I try to split my Internet access to my 2 ISP with 1 linux (GNU/Debian
sarge) 3 NIC router,
I want all my users connected with ISP1 and just some IP connected with ISP2
Here is my configuration:
Internal network: 10.117.71.0/24
Interface eth0
ISP1: IP for my linux box: 1.2.3.4/29
Interface: eth1
Gateway: 1.2.3.5
ISP2: IP for my
2004 Sep 16
0
load equalizer: network stop responding
I'm trying to get equalized load balancing to 2 isps with some patched 2.4.26 / 2.4.27 kernels (i586) but after some time the linux box stops responding with kernel messages: dst cache overflow.
I'm using patch-2.4.27-ja1.diff ( Julian Anastasov ) and ebtables (bridge filtering) patches
My box has 4 network cards (3com 3c590 and tulip), bridged lan-dmz and 2 wan ports
2004 Dec 29
2
2 internet connections for 2 different purposes
I've got a linux machine (fedora core 3) with 4 network cards.
I looked at the howto and the only example that is close to what I need
to do is section 4.2 on multiple uplink providers. I feel like I'm so
close but just can't get my head around the final part.
Here is what I have
eth2 and eth4 connect to 2 different isps.
I want all connections that come from my dmz
2005 Apr 07
0
2 isp feeds, 2 networks and 3 fw/routers
Hi,
I'm seeking advice for the following setup.
Shorewall 2.2.2, debian/sarge on Soekris net4501 boards.
We have two ISP feeds (let's call them ISP-1 and ISP-2) and get 8
static IPs with each feed. The plan is to have the publicly accessible
servers sitting in the DMZ connected to ISP-1. Our local intranet
(LOC) will be connected to ISP-2. There will be 3 firewall/routers:
fw1
2006 Nov 14
2
NAT/MASQ with multiple external static IPs
Hello everyone,
really not sure if this is a LARTC question or not, but I have several
hundred users all MASQ'd behind a single static IP. Users are reporting
that certain websites are blacklisting that single static external IP
for various reasons.
What I would like to do is use several external IP's and have a MASQ'd
user getting a random one each time.
Here is
2003 Aug 25
1
Audio in MSN 6 with NAT
Hi,
I have a Linux Box to share an internet connection with
NAT:
| ISP |
| Router |
+---------------+
200.36.107.137/32
|
|
|
200.36.107.138/32
+---------------+
| Linux |
| router |
+---------------+
192.168.1.254/24
|
|
+---- host 1 192.168.1.1/24
|
+---- host 2 192.168.1.2/24
|
+---- ...
|
+---- host n
2005 Apr 13
0
Re: LARTC Digest, Vol 2, Issue 40
Hi Marcin,
There is no problem to make limitation on a linux bridge. The rule must
be the same as for a router: there must be applied on eth0 and eth1.
All my best,
Liviu
On Wed, 2005-04-13 at 10:48 +0200, lartc-request@mailman.ds9a.nl wrote:
> Send LARTC mailing list submissions to
> lartc@mailman.ds9a.nl
>
> To subscribe or unsubscribe via the World Wide Web, visit
>
2005 Aug 16
1
Multipath Routing..
Ok folks, here goes..
I have been boggling with a problem for the past week, and still haven't
found a solution..
I'm trying to route traffic from two providers through a Linux machine.
But that is not the problem. The ISP's have provided me with a WAN IP
class for both of the lines, to be routed into a DMZ where the machines
are to respond to their respective
2004 Jul 14
1
tcng/tc setup
Hi all,
Can someone please help with a tcng setup? I have played with tc and tcng in
the past, and now would like to get some serious rules in place. However, I
have a difficulty in setting them up.
My setup is as follows:
One machine working as a firewall:
eth0 is the interface connected to a 512K DSL line
eth1 is connected to a LAN
eth2 is connected to another LAN, a bit like a DMZ
eth1 and
2004 Jun 07
0
Hierarchy of HTBs
I've been having a bit of difficulty with a hierarchy of HTBs that I'm
wanting to create. Essentially, I've got one interface that goes to both
the DMZ and the internet. When going to the internet, some of the traffic
will be going through a VPN and therefore I want to prioritize it
differently, however I want to give the DMZ traffic full speed as long as
it
2002 Aug 09
2
Proxy Arp
Hopefully this is an easy question....
I'm using a leaf router (bearing) running shorewall. Three interfaces net,
loc, and dmz. Only one computer in the dmz and it's being proxy arp'd.
External and internal (net and loc) can reach the dmz but the dmz cannot
reach the isp's gateway and beyond, but can reach a system adjacent to the
firewall.