Re: [Shorewall-users] Two ISPs configuration problem

From: Tom Eastep <teastep_at_nospam>
Date: Mon Jan 09 2012 - 22:52:43 GMT
To: Shorewall Users <shorewall-users@lists.sourceforge.net>

On Mon, 2012-01-09 at 15:48 -0200, JoÃ£o Alberto Kuchnier wrote:
> Hi everyone,
>
> I'm have experienced some problems since a installed a second ISP on my
> network.
>
> ISP1 1 1 main eth0 xxx.xxx.xxx.xxx
> track,balance=1 eth2,eth3
> ISP2 2 2 main eth1 xxx.xxx.xxx.xxx
> track,balance=3 eth2,eth3
>
> ISP1 = 2Mbit / 13 valid ips
> ISP2 = 4Mbit / 5 valid ips
>
> I want to use just ISP2 for all outgoing connections. However, my SMTP
> messages must use one of ISP1 valid IPs. Moreover, ISP1 must take over
> if the primary link fails.
>
> I tried to use this configuration in tcrules file:
>
> MARK SOURCE DEST PROTO PORT(S) CLIENT
> USER TEST
> # PORT(S)
> 1:P 192.168.1.2 0.0.0.0/0 tcp smtp,smtps # FOR
> SMTP MAIL SERVER
>
> My masq file is working like this:
>
> #INTERFACE SOURCE ADDRESS PROTO PORT(S)
> IPSEC MARK
> eth1 0.0.0.0/0 xxx.xxx.xxx.xxx
> eth0 0.0.0.0/0 xxx.xxx.xxx.xxx
> eth0:2 192.168.1.2 xxx.xxx.xxx.xxx tcp
> smtp,smtps # FOR SMTP MAIL SERVER
>
> At this moment, I'm having problems sending e-mails to other servers.

Please send me the output of 'shorewall dump' collected as described at
http://www.shorewall.net/support.htm#Guidelines.

Thanks,
-Tom
-- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________

------------------------------------------------------------------------------
Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex
infrastructure or vast IT resources to deliver seamless, secure access to
virtual desktops. With this all-in-one solution, easily deploy virtual
desktops for less than the cost of PCs and save 60% on VDI infrastructure
costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

This message: [ Message body ]
Next message: Tom Eastep: "Re: [Shorewall-users] Shorewall gateway - routing issue with dual wan (looking to report possible bug ?)"
Previous message: Nick: "[Shorewall-users] Shorewall gateway - routing issue with dual wan (looking to report possible bug ?)"
In reply to: João Alberto Kuchnier: "[Shorewall-users] Two ISPs configuration problem"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]