Post 62605 by el70 on Thursday 17th of February 2005 03:10:10 PM
Firewall - 2 Internet accesses - routing rules from source

Hello,

I would like to modify my firewall configuration for being able to handle 2 internet connections in my Red zone.
I would then like to configure some selecting routing rules depending on the internal source.

Actual configuration:
=====================
1 router A (ISP)
|
| (Red) with different public addresses
|
FW---------------- (Orange)
|
|(green)
|
===================== (LAN)

the default gateway of my firewall is fixed to the @ of my ISP router

New desired configuration :
=====================
I now have 2 ISP providers with 2 different routers. (belonging to my ISP)
In the future I even think to add some more new ones.

routers A(ISP-A) and router B (ISP-B)
-------------
|
| (Red) with different public addresses
|
FW---------------- (Orange)
|
|(green)
|
===================== (LAN)

I wish to configure some routing rules in my firewall, so to be able to select the INTERNET exit gateway depending on the internal source.

I succeeded to make a simulation of this situation, using a Linux server as firewall and router.
I configured all rules in the Linux box using commands like: iptables, ip rule, and so on...
I used some examples found in books and in Internet pages or forum.

But now I'm looking in a way to do it in my PRODUCTION environment with my SMOOTHWALL-SERVER firewall.

I did not succeed to find how to do it with the Web interface of this product. Or better say, I did not know exactly where to look for it.
I even tried to force a configuration in a text mode command. But it seems that ip rule commands are not usable in the kernel situation of the Smoothwall.


If anyone knows how to do it with Smoothwall Server or Smoothwall Express I would appreciate some help. From a Smoothwall Express example, I would surely find a similar way of doing it with Smoothwall Server.

Here is the example of the routing rules I would like to be able to configure.
* all internet traffic from a server A in my LAN zone should pass through router B to go to the INTERNET.
* and all the traffic from all other computers or servers from my LAN should go through router A.
or the same rule for computers in my orange zone.
* all internet traffic from a server B in my orange zone should pass through router B to go to the INTERNET.
* and all the traffic from all other computers or servers from my orange zone should go through router A.

My question will perhaps seem a little bit tricky or even stupid for some of you.
But I'm a beginner in firewall configuration and I do not know much about it.
I'm just a beginner and any help will be fully appreciated.

Thanks for any indications or help that can guide me through my researches and tests.

Excuse all English mistakes in this text. I'm just a French guy and I do not write in English very often.

Thanks to all of you.
 

SHOREWALL6-RTRULES(5)               [FIXME: manual]               SHOREWALL6-RTRULES(5)

NAME
       rtrules - Shorewall6 Routing Rules file

SYNOPSIS
       /etc/shorewall6/rtrules

DESCRIPTION
       Entries in this file cause traffic to be routed to one of the providers
       listed in shorewall6-providers[1](5).

       The columns in the file are as follows.

       SOURCE (Optional) - {-|interface|address|interface:<address>}
           An ip address (network or host) that matches the source IP address
           in a packet. May also be specified as an interface name optionally
           followed by ":" and an address. If the device lo is specified, the
           packet must originate from the firewall itself.

           Beginning with Shorewall 4.5.0, you may specify &interface in this
           column to indicate that the source is the primary IP address of the
           named interface.

       DEST (Optional) - {-|address}
           An ip address (network or host) that matches the destination IP
           address in a packet.

           If you choose to omit either SOURCE or DEST, place "-" in that
           column. Note that you may not omit both SOURCE and DEST.

       PROVIDER - {provider-name|provider-number|main}
           The provider to route the traffic through. May be expressed either
           as the provider name or the provider number. May also be main or
           254 for the main routing table. This can be used in combination
           with VPN tunnels, see example 2 below.

       PRIORITY - priority
           The rule's numeric priority which determines the order in which the
           rules are processed. Rules with equal priority are applied in the
           order in which they appear in the file.

           1000-1999
               Before Shorewall6-generated 'MARK' rules

           11000-11999
               After 'MARK' rules but before Shorewall6-generated rules for
               ISP interfaces.

           26000-26999
               After ISP interface rules but before 'default' rule.

       MARK - {-|mark[/mask]}
           Optional -- added in Shorewall 4.4.25. For this rule to be applied
           to a packet, the packet's mark value must match the mark when
           logically anded with the mask. If a mask is not supplied, Shorewall
           supplies a suitable provider mask.

EXAMPLES
       Example 1:
           You want all traffic coming in on eth1 to be routed to the ISP1
           provider.

               #SOURCE                 DEST            PROVIDER        PRIORITY        MASK
               eth1                    -               ISP1            1000

FILES
       /etc/shorewall6/rtrules

SEE ALSO
       http://shorewall.net/MultiISP.html

       shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
       shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5),
       shorewall6-maclist(5), shorewall6-netmap(5), shorewall6-params(5),
       shorewall6-policy(5), shorewall6-providers(5),
       shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5),
       shorewall6-secmarks(5), shorewall6-tcclasses(5),
       shorewall6-tcdevices(5), shorewall6-tcrules(5), shorewall6-tos(5),
       shorewall6-tunnels(5), shorewall6-zones(5)

NOTES
        1. shorewall6-providers
           http://www.shorewall.net/manpages6/shorewall6-providers.html

[FIXME: source]                       06/28/2012                  SHOREWALL6-RTRULES(5)
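
An added example, not part of the Shorewall documentation or the forum post: a small Python linter that applies the column rules described in the man page above to the text of an rtrules file before it is deployed. The names ISP2 and eth2, the 2001:db8:: address and the mark value are constructed sample data, and flagging priorities outside the three listed bands is this example's own assumption, not a Shorewall rule.

```python
import re
# Priority bands as listed under the PRIORITY column in the man page.
BANDS = [
    (1000, 1999, "before MARK rules"),
    (11000, 11999, "after MARK rules, before ISP interface rules"),
    (26000, 26999, "after ISP interface rules, before default rule"),
]
MARK_RE = re.compile(r"^(0x[0-9a-fA-F]+|\d+)(/(0x[0-9a-fA-F]+|\d+))?$")

def lint_rtrules(text):
    """Return (rules, findings); findings are (line number, message) pairs."""
    rules, findings = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        cols = line.split()
        if len(cols) not in (4, 5):           # MARK is the optional fifth column
            findings.append((lineno, "expected 4 or 5 columns, got %d" % len(cols)))
            continue
        source, dest, provider, priority = cols[:4]
        mark = cols[4] if len(cols) == 5 else "-"
        if source == "-" and dest == "-":
            findings.append((lineno, "SOURCE and DEST may not both be omitted"))
        band = None
        if not priority.isdecimal():
            findings.append((lineno, "PRIORITY must be numeric"))
        else:
            band = next((d for lo, hi, d in BANDS if lo <= int(priority) <= hi), None)
            if band is None:                  # assumption: worth a reviewer's look
                findings.append((lineno, "PRIORITY %s is outside the documented bands" % priority))
        if mark != "-" and not MARK_RE.match(mark):
            findings.append((lineno, "MARK must be mark[/mask]"))
        rules.append({"source": source, "provider": provider, "priority": priority, "band": band})
    return rules, findings

# Constructed sample: only the first rule comes from the man page's Example 1.
SAMPLE = """\
#SOURCE          DEST  PROVIDER  PRIORITY  MARK
eth1             -     ISP1      1000
2001:db8:1::10   -     ISP2      11000     0x100/0xff00
-                -     ISP1      26000
eth2             -     ISP2      500
eth1             -     main      high
"""

if __name__ == "__main__":
    for lineno, msg in lint_rtrules(SAMPLE)[1]:
        print("line %d: %s" % (lineno, msg))
```
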