From: ngouyamsa r. <mfo...@ya...> - 2006-02-21 21:46:43
Hi Tom,

Thanks so much for your fast answer. I am sorry, but as you can see I am not a Shorewall guru. But I hope you will still agree to help me. I am reading the Shorewall documentation again and hope to avoid asking stupid questions next time, such as the one about the number of zones I can create.

Let us go straight to the problem I want you to help me sort out. I have a problem with P2P traffic in the ISP network I administer. I have a Fedora Core 4 server, with BIND, Squid and Shorewall installed, as my main server. Behind it I have a mail server. I have problems with slow connections all the time when customers use too many P2P applications such as Kazaa, BitTorrent ...

I have two satellite connections; one is the main and the second one is a backup. I am currently making a list of all the ports that these applications use. As I know it is not really possible to block P2P, I would like to forward all the P2P traffic from my main satellite connection to the backup satellite connection.

This is what I plan to implement to address it:

On my main server:
  Squid
  Shorewall
  3 Ethernet cards:
    eth0  IP1 = 81.75.1.x    Main Satellite Connection
    eth1  IP2 = 172.168.2.x  Internal Network
    eth2  IP3 = 82.75.3.x    Backup Satellite

Shorewall

Static NAT
  External Address  External Interface  Internal address  All Interfaces  Local
  82.75.3.2         eth2                81.75.1.2         No              Yes

Masquerading
  Interface  Subnet
  Eth0       Eth1

Zone File
  Net   Internet
  Lan   LAN
  P2PZ  P2PZ

Interfaces file
  Eth0  Net
  Eth1  Lan
  Eth2  P2PZ

Firewall Rules
  ACTION  SOURCE  DEST            PROTO  DEST PORT    SOURCE PORT  ORIGINAL DEST
  DNAT    LAN     P2PZ:82.75.3.2  tcp    (P2P ports)  -

Roland Mfondoum
VAKIFLAR ISHANI C BLOCK KAT1 No 7-8
GIRNE KKTC MERSIN 10 TURKEY
PHONE: +90-392-815-8905
FAX: +90-392-815-8904