[Shorewall-users] Two ISPs configuration problem

From: João Alberto Kuchnier <joao.kuchnier_at_nospam>
Date: Mon Jan 09 2012 - 17:48:47 GMT
To: shorewall-users@lists.sourceforge.net

Hi everyone,

I have experienced some problems since I installed a second ISP on my
network.

ISP1 1 1 main eth0 xxx.xxx.xxx.xxx track,balance=1 eth2,eth3
ISP2 2 2 main eth1 xxx.xxx.xxx.xxx track,balance=3 eth2,eth3

ISP1 = 2Mbit / 13 valid ips
ISP2 = 4Mbit / 5 valid ips

I want to use just ISP2 for all outgoing connections. However, my SMTP
messages must use one of ISP1 valid IPs. Moreover, ISP1 must take over
if the primary link fails.

I tried to use this configuration in tcrules file:

MARK  SOURCE       DEST       PROTO  PORT(S)     CLIENT   USER  TEST
#                                                PORT(S)
1:P   192.168.1.2  0.0.0.0/0  tcp    smtp,smtps  # FOR SMTP MAIL SERVER

My masq file is working like this:

#INTERFACE  SOURCE       ADDRESS          PROTO  PORT(S)     IPSEC  MARK
eth1        0.0.0.0/0    xxx.xxx.xxx.xxx
eth0        0.0.0.0/0    xxx.xxx.xxx.xxx
eth0:2      192.168.1.2  xxx.xxx.xxx.xxx  tcp    smtp,smtps  # FOR SMTP MAIL SERVER

At this moment, I'm having problems sending e-mails to other servers.

Thanks for your help.

Best regards,

João
