On 11/6/2010 6:20 PM, Tom Eastep wrote:
> On 11/6/10 2:06 PM, Alan Madill wrote:
>>
>> The system that we are replacing used to be the main NAT router to the Internet
>> for the corporate side. As such it has its default gateway on the Internet and
>> a large routing table to direct anything on the corporate side out via the WAN
>> router. This is a pain to maintain. I'd rather have the WAN router be the
>> default.
>>
> If your routing environment is that complex, then:
>
> a) Shorewall will never be a solution to your problem.
> b) You need to implement a routing protocol internally.
>
> -Tom

I understand point a) but I'm not quite sure what you mean by point b).

I don't have a complete grasp of the netfilter layer but can't you tag (or mark) packets based on origin (or other criteria) and then run them through a unique routing table? Is this how the dual homed router or the decision to send a given port (say smtp) out through a given interface on a dual homed router works?

If point a) is correct then you have just saved me a lot of "bang head against desk" repeat, repeat,...

Thank you.
