On Tue, 26 Jul 2005, Visham Ramsurrun wrote:

> Dear Carl,
>
> many thx for the reply...i too thought abt that..but i don't know how
> to do it. Here is my firewall script.
>
> #!/bin/bash
>
> IPT="/sbin/iptables"
>
> $IPT -F
> $IPT -Z
>
> if [ ! -r x ]; then
>
>     # No value from previous run - initialize x
>     x=1
> else
>     x=$((`cat x`))
>     echo "Value of x from previous run = $x"
> fi
>
> if [ $x -eq 1 ]; then
>     #FW1 IP: 192.168.10.2
>     $IPT -A FORWARD -i eth0 -o eth0 -s 192.168.10.0/24 -d 192.168.10.0/24 -p icmp --icmp-type echo-request -j ACCEPT
>     $IPT -A FORWARD -i eth0 -o eth0 -s 192.168.10.0/24 -d 192.168.10.0/24 -p icmp --icmp-type echo-reply -j ACCEPT
>     x=0;
> else
>     #FW2 IP: 192.168.10.3
>     $IPT -A FORWARD -i eth0 -o eth1 -s 192.168.10.0/24 -d 192.168.10.0/24 -p icmp --icmp-type echo-request -j ACCEPT
>     $IPT -A FORWARD -i eth0 -o eth1 -s 192.168.10.0/24 -d 192.168.10.0/24 -p icmp --icmp-type echo-reply -j ACCEPT
>     x=1;
> fi

So you want FW1 to reply to allow every other ping, and FW2 to allow
those that FW1 ignores? I'm sure there's a way, but I'm certainly not
the authority on load balancing. Others here I'm sure are more adept at
fielding this sort of question.

HTH.

Carl

-- 
"There are 10 types of people in the world: Those who understand binary
and those that don't."