Hello list, I apologize for the simplicity of this email. I have been given the task of setting up a failover connection at out office using old parts. Well, a few days and a couple of installs later, I have a successful configuration, but I am having an issue with my iptables setup. As I am new to the routing scene, I wondered if there was someone who would be able to help point me in the right directions. I have a LAN router setup running CentOS 4.2, this box has 4 nics in it. Ips are as Follows. 192.168.19.1 (primariy WAN route) 192.168.20.1 (secondary WAN route) 192.168.21.1 (default PCLAN) 192.168.22.1 (VOIP LAN) Currently I have a Firewall sitting on the Primary WAN connection as well as one on the secondary Wan connection (2 physical Firewalls). There are a few problems which I have not been able to overcome. I have been successful in getting ipfwd working, but now have noticed a new issue. The goal internally was to allow the primary link to fail and then have our internet connection switch to the secondary wan route. (I have to do this through a script since I technically have a network between my primary fw and my secondary fw. (this doesn't usually go down!). This I think is easy enough, my Script will adjust the default route internally for this to be routed out. HOWEVER,,,,,, Our office uses a report server they have to be able to hit from the outside of our network when on the road. We have a Port forward setup on the firewalls to forward into the internal port on the server they need to access. But, the problem is, from the outside, users can only hit and access the firewall which is currently the default route for the internal network to get out. The firewall can ping from its internal interface all of the internal networks, but we can't seem to get through otherwise. I would be happy to detail more information if needed, but I wondered if there was someone who would be able to lead me to a configuration which might allow this setup to work. Thanks -- Heath Henderson heath@xxxxxxxxxx 1800 288 7750 -- _______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
