From: Steve W. <ste...@gm...> - 2013-07-30 02:16:21
|
My connections are pppoe, so the internal PPP endpoint IP changes and, from tests I've done, the exit point from the ISP NAT gateway also changes... so I guess this isn't going to work so well? On 30 July 2013 00:17, Tom Eastep <te...@sh...> wrote: > On 07/29/2013 08:59 AM, Steve Wray wrote: > > If I wanted to use a squid proxy running on the router I'd have this? > > SAME $FW - tcp > 80,443 > > > You can try that -- given that applying tcrules doesn't work reliably when > the source is $FW, it may or may not do what you want. > > I personally use ACLs to assign different hosts to different source IP > addresses: > > acl mac src 172.20.1.145/32 172.20.1.146/32 > tcp_outgoing_address 67.170.121.6 mac > > acl rest src 172.20.0.0/22 > tcp_outgoing_address 70.90.191.121 > > This will still work if one of the connections is down (provided that it > is not hard down). > > -Tom > > -- > Tom Eastep \ When I die, I want to go like my Grandfather who > Shoreline, \ died peacefully in his sleep. Not screaming like > Washington, USA \ all of the passengers in his carhttp://shorewall.net \________________________________________________ > > > > ------------------------------------------------------------------------------ > See everything from the browser to the database with AppDynamics > Get end-to-end visibility with application monitoring from AppDynamics > Isolate bottlenecks and diagnose root cause in seconds. > Start your free trial of AppDynamics Pro today! > http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk > _______________________________________________ > Shorewall-users mailing list > Sho...@li... > https://lists.sourceforge.net/lists/listinfo/shorewall-users > > |