From: Gilberto N. <gil...@gm...> - 2008-10-24 19:55:47
Oh my... Thank you Chakravarthy...
Maybe I will use other solution and release shorewall...

Thank you

2008/10/24 Chakravarthy Girda <gi...@ca...>

> Hi,
> I gave up on this issue. Here is my research...
>
> (1) /etc/shorewall/route_rules
> * It works but only per IP address or the entire LAN.
> * It won't work per protocol or service based.
> * Failover capability won't work
> Eg:-
> #SOURCE          DEST    PROVIDER    PRIORITY
> #192.168.2.10    -       DSL         11000
> #192.168.2.11    -       T1          11001
>
> Caution:
> You have to make modifications to your load balancing/
> failover script (gwping..etc) ELSE if there is a failover on DSL (as
> shown above) line my route for the above machine still stays in the old
> routing table. That is where the failover script should switch the route
> to the other.
>
> (2) /etc/shorewall/tcrules
> This is supposed to work per protocol but I could never make it work.
> Sample:-
> #2:130 eth0 eth4 tcp - 873,21,22
>
> Chakri
>
> Gilberto Nunes wrote:
> > Thanks Jerry
> >
> > You put some light on my darkness...
> >
> > But I have a doubt here:
> >
> > Where I declare the ISP 1 or 2? /etc/shorewall/providers?
> >
> > Another question:
> >
> > In this case, I have to send outgoing traffic through specific external IP.
> >
> > Let me explain.
> >
> > I have one LAN and two ISP, right?
> >
> > When some user behind Shorewall open your web browser or certain
> > application, and enter a specific URL or Internet address, this traffic
> > may be outgoing via ISP1, per example.
> >
> > Others traffic outgoing via ISP2....
> >
> > Thanks
> >
> > 2008/10/24 Jerry Vonau <jv...@sh...>
> >
> > Gilberto Nunes wrote:
> > > Hi all and specially Mr. Tom....
> > >
> > > (Please, do not be acid with me please! I am only a newbie, trying learn
> > > more about shorewall)
> > >
> > > I get involved with a Firewall Project in a customer here in my city...
> > >
> > > In this customer, he has two Internet Providers.
> > >
> > > So, he ask me how make certain connection following one routing path (like
> > > RT_1) and others connections type, following the other routing path (like
> > > RT_2).
> > >
> > > Let me try do a ascii art here:
> > >
> > > ( I know is horrible think! rsrs I am not artist!)
> > >
> > > So, all traffic is pass by SHOREWALL MACHINE. ok!
> > >
> > > Some traffic have to out via ISP 1 and others traffic, will be out via ISP
> > > 2.
> > >
> > > I am reading Multiple ISP docs, but it is not clearly for me
> > >
> > Right after one of the "WARNING"s on:
> > http://www.shorewall.net/MultiISP.html
> >
> > Entries in /etc/shorewall/masq have no effect on which ISP a particular
> > connection will be sent through. That is rather the purpose of entries
> > in /etc/shorewall/tcrules or /etc/shorewall/route_rules. <<<<<<
> >
> > Now suppose that you want to route all outgoing SMTP traffic from your
> > local network through ISP 2. You would make this entry in
> > /etc/shorewall/tcrules (and if you are running a version of Shorewall
> > earlier than 3.0.0, you would set TC_ENABLED=Yes in
> > /etc/shorewall/shorewall.conf).
> >
> > #MARK   SOURCE           DEST        PROTO   PORT(S)   CLIENT    USER   TEST
> > #                                                      PORT(S)
> > 2:P     <local network>  0.0.0.0/0   tcp     25
> > "
> >
> > > So, I need some help with this.
> > >
> > > Can I use packet mark? How?
> > >
> > Depending on what you need to do, use entries in /etc/shorewall/tcrules
> > or /etc/shorewall/route_rules.
> >
> > > In a traditional iptables rules, I use --set-mark.
> > > But in a Shorewall environment, how can I take action with this iptables
> > > rules?
> > >
> > More traffic marking info at:
> > http://www.shorewall.net/traffic_shaping.htm
> >
> > > Thanks for all response.
> > >
> > > Sorry for my poor English...
> > >
> > Hope this helps,
> >
> > Jerry
> >
> > _______________________________________________
> > Shorewall-users mailing list
> > Sho...@li...
> > https://lists.sourceforge.net/lists/listinfo/shorewall-users
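Added example, not part of the original thread and not the ruleset Shorewall generates: the mark-then-route mechanism behind the quoted "2:P ... tcp 25" tcrules entry, written as plain iptables/iproute2 commands with --set-mark. Interface names, the LAN subnet, the gateway and the table number are assumptions made up for the illustration; the script only prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added illustration: route by packet mark with plain iptables + iproute2.
# Every value below is constructed for the example, not taken from the thread.
LAN_IF="eth1"             # assumed LAN-facing interface
LAN_NET="192.168.2.0/24"  # assumed local network
ISP2_IF="eth4"            # assumed interface toward ISP 2
ISP2_GW="192.0.2.1"       # placeholder gateway (documentation address)
ISP2_MARK=2               # same mark value as the quoted "2:P" entry
ISP2_TABLE=202            # assumed routing table number for ISP 2

# Print the commands that send one TCP destination port out via ISP 2.
# $1 = destination port, e.g. 25 for SMTP
mark_route_cmds() {
    port="$1"
    case "$port" in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "invalid port: $port" >&2; return 1
    fi
    # 1. Mark matching packets before the routing decision. The mangle
    #    PREROUTING chain is what the ":P" suffix selects in tcrules.
    echo "iptables -t mangle -A PREROUTING -i $LAN_IF -s $LAN_NET -p tcp --dport $port -j MARK --set-mark $ISP2_MARK"
    # 2. Packets carrying that mark are looked up in a dedicated table.
    echo "ip rule add fwmark $ISP2_MARK table $ISP2_TABLE"
    # 3. The dedicated table's default route points at ISP 2.
    echo "ip route replace default via $ISP2_GW dev $ISP2_IF table $ISP2_TABLE"
}

# Dry run by default; set APPLY=1 and run as root to execute the commands.
run() {
    mark_route_cmds "$1" | while read -r cmd; do
        if [ "${APPLY:-0}" = "1" ]; then $cmd; else echo "$cmd"; fi
    done
}

run "${1:-25}"
```

Source NAT for the ISP 2 address and handling of reply traffic are outside this sketch.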