On 11/6/10 8:29 PM, Alan Madill wrote:
>
> On 11/6/2010 6:20 PM, Tom Eastep wrote:
>> On 11/6/10 2:06 PM, Alan Madill wrote:
>>>
>>> The system that we are replacing used to be the main NAT router to the
>>> Internet for the corporate side. As such it has its default gateway on the
>>> Internet and a large routing table to direct anything on the corporate side
>>> out via the WAN router. This is a pain to maintain. I'd rather have the WAN
>>> router be the default.
>>>
>> If your routing environment is that complex, then:
>>
>> a) Shorewall will never be a solution to your problem.
>> b) You need to implement a routing protocol internally.
>>
>> -Tom
>
> I understand point a) but I'm not quite sure what you mean by point b).
>
> I don't have a complete grasp of the netfilter layer but can't you tag (or
> mark) packets based on origin (or other criteria) and then run them through a
> unique routing table?
Yes -- but something (someone) needs to populate that routing table.

> Is this how the dual homed router or the decision to send a given port (say
> smtp) out through a given interface on a dual homed router works?

Dual homing almost never involves multiple routing tables. It rather uses a
single routing table to determine where to send packets.

>
> If point a) is correct then you have just saved me a lot of "bang head
> against desk" repeat, repeat,... Thank you.
>

If your gateway has multiple *default* routes, then Shorewall can ensure that
response packets will be sent via the appropriate default route (one default
route per routing table -- a default route may have multiple next hops). But it
cannot do "This request came from VLAN4 so the response will be routed back
through VLAN4" without routing help.

VLANs are virtual ethernet LANs -- the destination of every packet sent to the
VLAN must be specified by a unique layer 2 (MAC) address (exceptions are
broadcast and multicast).

-Tom

-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
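The "routing help" Tom refers to is what the kernel's policy routing provides: one routing table per uplink, each holding a single default route, selected by a firewall mark that is saved on the connection when the first packet arrives and restored onto every later packet (including the replies) before the routing decision. The script below is an added illustration of that mechanism using plain iproute2 and iptables; it is not from the thread, not Shorewall's own generated rules (Shorewall's providers file automates a setup of this shape), and the interface names eth1/eth2, the gateway addresses, mark values and table numbers are assumptions. It prints the commands it would run unless invoked with APPLY=1 as root.

```shell
#!/bin/sh
# Added example: route replies out the uplink the request arrived on.
# Assumed topology (not from the thread): eth1 faces the VLAN4/Internet
# side with gateway 192.0.2.1; eth2 faces the WAN router at 198.51.100.1,
# which is also the default for unmarked traffic.
set -e

VLAN4_IF=eth1; VLAN4_GW=192.0.2.1;    VLAN4_TABLE=4; VLAN4_MARK=0x4
WAN_IF=eth2;   WAN_GW=198.51.100.1;   WAN_TABLE=2;   WAN_MARK=0x2

# Dry-run helper: echo the command unless APPLY=1 (needs root + real NICs).
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

policy_routing() {
    # One table per uplink, each with exactly one default route.
    run ip route replace default via "$VLAN4_GW" dev "$VLAN4_IF" table "$VLAN4_TABLE"
    run ip route replace default via "$WAN_GW" dev "$WAN_IF" table "$WAN_TABLE"
    # Marked packets consult their uplink's table; unmarked traffic falls
    # through to the main table, whose default is the WAN router.
    run ip rule add fwmark "$VLAN4_MARK" table "$VLAN4_TABLE" priority 1000
    run ip rule add fwmark "$WAN_MARK" table "$WAN_TABLE" priority 1001
    run ip route replace default via "$WAN_GW" dev "$WAN_IF"
    # Strict reverse-path filtering would drop packets on eth1 whose source
    # is not reachable via eth1 in the main table; use loose mode (2).
    run sysctl -w "net.ipv4.conf.$VLAN4_IF.rp_filter=2"
    run sysctl -w "net.ipv4.conf.$WAN_IF.rp_filter=2"
}

connmark_rules() {
    # mangle/PREROUTING runs before the routing decision, so restoring the
    # connection mark here is what steers the reply packets of a flow.
    run iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
    # Only still-unmarked packets (new connections) get the ingress uplink's mark.
    run iptables -t mangle -A PREROUTING -m mark --mark 0 -i "$VLAN4_IF" -j MARK --set-mark "$VLAN4_MARK"
    run iptables -t mangle -A PREROUTING -m mark --mark 0 -i "$WAN_IF" -j MARK --set-mark "$WAN_MARK"
    run iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j CONNMARK --save-mark
    # Replies generated by the gateway itself pass OUTPUT, not PREROUTING.
    run iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark
}

policy_routing
connmark_rules
```

Run it once without APPLY to review the generated commands; note that the mark match on 0 is what keeps packets of established flows from being re-marked when they re-enter on the LAN side, so a connection's egress uplink is fixed by its first packet.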
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
