Firewall with 2 internet service provider. - Security

  1. Firewall with 2 internet service provider.

    Hi all,
    I have a question about Linux firewalls; I hope this is a good place.
    Sorry for my English.
    My problem is this: I have one box with 4 NICs. Two NICs are on the
    INTERNAL (secure) LAN and the other two are on the External (insecure)
    LANs. The two external ones are connected to two different routers of
    two different Internet Service Providers. The two public IP classes
    are naturally different.
    The box works now with both providers, and I'm able to do some NAT
    between one provider or the other.
    The firewall is set up with FirewallBuilder.
    Now it has happened that I MUST reconfigure everything, and I started
    from a clean FirewallBuilder setup.
    So only the IPTABLES configuration from FirewallBuilder has changed;
    no network setup has changed.
    When I apply my new configuration, I'm able to do NAT only from one
    of the two Internet service providers (and the public IP from it).
    Naturally, it is the one that is specified as GATEWAY in the
    /etc/sysconfig/network file (Fedora Core 4). So, what did I miss? What
    did I forget? Where can I specify that both providers can be a
    GATEWAY depending on where the request arrives from? ... Why did it
    work with the old FirewallBuilder configuration (naturally not made
    by me) and now it does not work?
    Thanks all.
    Mauro.

  2. Re: Firewall with 2 internet service provider.

    Mauroreggio@gmail.com wrote:
    > Hi all,
    > I have a question about Linux firewalls; I hope this is a good place.
    > Sorry for my English.
    > My problem is this: I have one box with 4 NICs. Two NICs are on the
    > INTERNAL (secure) LAN and the other two are on the External (insecure)
    > LANs. The two external ones are connected to two different routers of
    > two different Internet Service Providers. The two public IP classes
    > are naturally different.
    > The box works now with both providers, and I'm able to do some NAT
    > between one provider or the other.
    > The firewall is set up with FirewallBuilder.
    > Now it has happened that I MUST reconfigure everything, and I started
    > from a clean FirewallBuilder setup.
    > So only the IPTABLES configuration from FirewallBuilder has changed;
    > no network setup has changed.
    > When I apply my new configuration, I'm able to do NAT only from one
    > of the two Internet service providers (and the public IP from it).
    > Naturally, it is the one that is specified as GATEWAY in the
    > /etc/sysconfig/network file (Fedora Core 4). So, what did I miss? What
    > did I forget? Where can I specify that both providers can be a
    > GATEWAY depending on where the request arrives from? ... Why did it
    > work with the old FirewallBuilder configuration (naturally not made
    > by me) and now it does not work?
    > Thanks all.
    > Mauro.


    Hi Mauro,
    sorry for the terrible English ...
    I'm sorry for my bad English.
    I solved a similar problem some years ago, so I
    can't remember it very well... but in my
    environment everything worked with iptables and
    iproute2.
    I used iptables to MARK packets, so that iproute2
    could decide how to route the packets correctly.
    You can read how here:
    http://www.ideafactory.it/2008/03/27...rso-2-gateway/

    bye
    MaoX
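
The approach MaoX describes (iptables marks plus iproute2 policy routing), shown as an added example that is not part of the original thread. The interface names, documentation-range addresses, table numbers and mark values are constructed assumptions, and the functions print the commands instead of applying them.

```shell
#!/bin/sh
# Added example: dry-run generator for policy routing on a firewall with two
# uplinks. Every interface name, address, table id and mark is a placeholder.
LAN_IF=eth0   # assumed internal interface

# uplink_rules IFACE LOCAL_IP GATEWAY ID
# Prints the commands for one provider; ID is both routing table and fwmark.
uplink_rules() {
    ifc=$1 ip=$2 gw=$3 id=$4
    cat <<EOF
ip route replace default via $gw dev $ifc table $id
ip rule add from $ip lookup $id
ip rule add fwmark $id lookup $id
iptables -t mangle -A PREROUTING -i $ifc -m conntrack --ctstate NEW -j CONNMARK --set-mark $id
sysctl -w net.ipv4.conf.$ifc.rp_filter=2
EOF
}
# What each printed line is for:
#  1. a per-provider table whose only default route is that provider's router
#  2. traffic sourced from the box's own address on this uplink leaves there
#  3. forwarded packets carrying this mark use this provider's table
#  4. remember on the connection which uplink a new inbound flow arrived on
#  5. loose reverse-path filtering, since strict mode drops packets that
#     arrive on the uplink the main table does not point at

dual_isp_rules() {
    uplink_rules eth2 192.0.2.10    192.0.2.1    101
    uplink_rules eth3 198.51.100.10 198.51.100.1 102
    # Replies from internal (DNATed) hosts: copy the connection mark back onto
    # the packet before routing so the fwmark rules pick the same uplink.
    echo "iptables -t mangle -A PREROUTING -i $LAN_IF -j CONNMARK --restore-mark"
    echo "ip route flush cache"
}

dual_isp_rules
```

Connections opened from the LAN carry no mark and keep using the default gateway from the main table; only flows that arrived through a given provider are pinned to it.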

  3. Re: Firewall with 2 internet service provider.

    On 13 Jun, 01:12, MaoX wrote:
    > Mauroreg...@gmail.com wrote:
    >
    > > Hi all,
    > > I have a question about Linux firewalls; I hope this is a good place.
    > > Sorry for my English.
    > > My problem is this: I have one box with 4 NICs. Two NICs are on the
    > > INTERNAL (secure) LAN and the other two are on the External (insecure)
    > > LANs. The two external ones are connected to two different routers of
    > > two different Internet Service Providers. The two public IP classes
    > > are naturally different.
    > > The box works now with both providers, and I'm able to do some NAT
    > > between one provider or the other.
    > > The firewall is set up with FirewallBuilder.
    > > Now it has happened that I MUST reconfigure everything, and I started
    > > from a clean FirewallBuilder setup.
    > > So only the IPTABLES configuration from FirewallBuilder has changed;
    > > no network setup has changed.
    > > When I apply my new configuration, I'm able to do NAT only from one
    > > of the two Internet service providers (and the public IP from it).
    > > Naturally, it is the one that is specified as GATEWAY in the
    > > /etc/sysconfig/network file (Fedora Core 4). So, what did I miss? What
    > > did I forget? Where can I specify that both providers can be a
    > > GATEWAY depending on where the request arrives from? ... Why did it
    > > work with the old FirewallBuilder configuration (naturally not made
    > > by me) and now it does not work?
    > > Thanks all.
    > > Mauro.
    >
    > Hi Mauro,
    > sorry for the terrible English ...
    > I'm sorry for my bad English.
    > I solved a similar problem some years ago, so I
    > can't remember it very well... but in my
    > environment everything worked with iptables and
    > iproute2.
    > I used iptables to MARK packets, so that iproute2
    > could decide how to route the packets correctly.
    > You can read how here: http://www.ideafactory.it/2008/03/27/iproute-load-balance-verso-2-gat...
    >
    > bye
    > MaoX


    I think you are Italian like me, so ... you are forgiven for the
    English :-)
    OK, thank you for your indication. I will try.
    The important thing is that now I know that it really is the IPTABLES
    rules that must be modified (as I think).
    I only need to know more about "route based on source address".
    I hope that the link you posted can help.
    Thanks,
    Mauro.

  4. Re: Firewall with 2 internet service provider.

    Mauroreggio@gmail.com wrote:
    >
    > I think you are Italian like me, so ... you are forgiven for the
    > English :-)
    > OK, thank you for your indication. I will try.
    > The important thing is that now I know that it really is the IPTABLES
    > rules that must be modified (as I think).
    > I only need to know more about "route based on source address".
    > I hope that the link you posted can help.
    > Thanks,
    > Mauro.



    Exactly... Italian :-)
    I hope I helped you.
    bye
    MaoX
