Re: [Shorewall-users] Multi ISP and http sessions

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

My connections are pppoe, so the internal PPP endpoint IP changes and, from
tests I've done, the exit point from the ISP NAT gateway also changes... so
I guess this isn't going to work so well?

On 30 July 2013 00:17, Tom Eastep <te...@sh...> wrote:

>  On 07/29/2013 08:59 AM, Steve Wray wrote:
>
> If I wanted to use a squid proxy running on the router I'd have this?
>
>  SAME                          $FW                  -               tcp
>   80,443
>
>
> You can try that -- given that applying tcrules doesn't work reliably when
> the source is $FW, it may or may not do what you want.
>
> I personally use ACLs to assign different hosts to different source IP
> addresses:
>
> acl mac src 172.20.1.145/32 172.20.1.146/32
> tcp_outgoing_address 67.170.121.6 mac
>
> acl rest src 172.20.0.0/22
> tcp_outgoing_address 70.90.191.121
>
> This will still work if one of the connections is down (provided that it
> is not hard down).
>
> -Tom
>
> --
> Tom Eastep        \ When I die, I want to go like my Grandfather who
> Shoreline,         \ died peacefully in his sleep. Not screaming like
> Washington, USA     \ all of the passengers in his carhttp://shorewall.net \________________________________________________
>
>
>
> ------------------------------------------------------------------------------
> See everything from the browser to the database with AppDynamics
> Get end-to-end visibility with application monitoring from AppDynamics
> Isolate bottlenecks and diagnose root cause in seconds.
> Start your free trial of AppDynamics Pro today!
> http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
> _______________________________________________
> Shorewall-users mailing list
> Sho...@li...
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
>