On 10/24/2014 11:45 AM, Bill Davidsen wrote:
> I have a complex firewall setup running on an older version of Fedora, and I'd like to upgrade to RHEL7 or recent
> Fedora. Unfortunately, I can't really do what I need using firewalld, so two questions:
> 1 - has anyone done this and were there any serious gotchas?
> 2 - is it as easy as removing firewalld and installing networkmanager with yum?
> This setup uses two (soon three) ISP connections, any of which can be used as default, two secure internal networks,
> and one DMZ for servers. Some connections must be forced out via a defined ISP, and since Linux doesn't source route
> like BSD, I can't just set the source IP and have the packet go out the right interface; hoops must be jumped.
> Any experience to share?
For source routing:
Add an entry to /etc/iproute2/rt_tables:
1000 Comcast_ip1
then (where 192.0.2.1 is the gateway and 192.0.2.2 is your IP address):
# ip route add table Comcast_ip1 default via 192.0.2.1 dev eth1
# ip rule add priority 2000 from 192.0.2.2 table Comcast_ip1
Adjust to suit your needs.
Bill
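
The recipe in the reply above, generalized from one uplink to several, as an added example that is not part of the original message. The second uplink (ISP_B, eth2, table id 1001, 198.51.100.x) and the rule that priority is table id plus 1000 are assumptions; the script only prints the commands, it does not run them.

```shell
#!/bin/sh
# Added example: emit policy-routing commands for several uplinks.
# Rows are constructed sample data: table_id table_name gateway source_ip device.
# ISP_B, eth2, table id 1001 and the 198.51.100.x addresses are assumptions.
UPLINKS='1000 Comcast_ip1 192.0.2.1 192.0.2.2 eth1
1001 ISP_B 198.51.100.1 198.51.100.2 eth2'

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Read uplink rows on stdin; print the rt_tables line, route and rule for each.
# Rule priority = table id + 1000 (an assumption that reproduces 1000 -> 2000).
gen_policy_routing() {
    seen_ids=' '
    while read -r id name gw src dev; do
        [ -n "$id" ] || continue
        # Reject anything that could not be a table id, name or interface,
        # since the output is meant to be pasted into a root shell.
        case "$id" in *[!0-9]*) echo "bad table id: $id" >&2; return 1 ;; esac
        case "$name$dev" in ''|*[!A-Za-z0-9_.-]*)
            echo "bad name or device in row $id" >&2; return 1 ;;
        esac
        case "$seen_ids" in *" $id "*)
            echo "duplicate table id: $id" >&2; return 1 ;;
        esac
        seen_ids="$seen_ids$id "
        if ! is_ipv4 "$gw" || ! is_ipv4 "$src"; then
            echo "bad address in row $id" >&2; return 1
        fi
        echo "echo '$id $name' >> /etc/iproute2/rt_tables"
        echo "ip route add table $name default via $gw dev $dev"
        echo "ip rule add priority $((id + 1000)) from $src table $name"
    done
}

gen_policy_routing <<EOF
$UPLINKS
EOF
```

After applying the printed commands as root, `ip rule show` and `ip route show table Comcast_ip1` list what was installed.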