Menu
▾
▴
Re: [Shorewall-users] FW out ISP1
|
From: Tom E. <te...@sh...> - 2006-11-26 00:00:27
|
Mike Lander wrote: > After reading a post somewhere about squid I had=20 > somehow deducted to put my internal Ip in tcp outgoing > in squid.conf. After doing that squid worked and I had > left it at that. > Since that does not make sense now. I entered my > eth2 ip address which is dynamic in tcp outgoing=20 > and it works. Everything is going out that eth2 interface > now from squid on the firewall.=20 > So I have two questions > 1. How do I enter this in squid conf for=20 > a dynamic address. There is no way, as far as I know. >=20 > 2. In the first post is my configuration > correct for forcing traffic out the Isp > desired? The whole point of the section that I referred you to is that no one has discovered a foolproof way using just policy routing to force all traffic originating on the firewall out of one interface or the other. Plus, when I only see two or three lines out of an entire router/firewall configuration, I can't possibly tell you whether they are correct. But I would have thought that the first rule should have been coded with $ETH1_IP rather than $ETH2_IP. And of course, you need the appropriate entry in /etc/shorewall/masq... -Tom --=20 Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ te...@sh... PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key |