Though not to distract from Fedora, if you have a complex firewall setup, why not just use something like pfSense? HA, uses multiple ISP links, nice GUI, free, BSD
On 10/24/2014 11:45 AM, Bill Davidsen
wrote:
I have a
complex firewall setup running on an older version of Fedora, and
I'd like to upgrade to RHEL7 or recent Fedora. Unfortunately, I
can't really do what I need using firewalld, so two questions:
1 - has anyone done this and were there any serious gotcha's?
2 - is it as easy as removing firewalld and installing
networkmanager with yum?
This setup uses two (soon three) ISP connections, any of which can
be used as default, two secure internal networks, and one DMZ for
servers. Some connections must be forced out via a defined ISP,
and since Linux doesn't source route like BSD, I can't just set
the source IP and have the packet go out the right interface,
hoops must be jumped.
Any experience to share?
For source routing:
Add an entry to /etc/iproute2/rt_tables:
1000 Comcast_ip1
then (where 192.0.2.1 is the gateway and 192.0.2.2 is your IP
address):
# ip route add table Comcast_ip1 default via
192.0.2.1 via eth1
# ip rule add priority 2000 from 192.0.2.2
table Comcast_ip1
Adjust to suit your needs.
Bill
|
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
