Typo (remove trailing double-quote):
--
sed -i 's/^ENABLED=.*$/ENABLED=0/' /etc/arno-iptables-firewall/plugins/outbound-snat.conf
--

Lonnie

> On Mar 17, 2021, at 9:48 AM, Lonnie Abelbeck <li...@lonnie.abelbeck.com> wrote:
>
> Hi Michael,
>
> When you say you have SNAT configured, are you using the nat-loopback plugin
> or the outbound-snat plugin ?
>
> Either of those requires obtaining the WAN IPv4 address to attach iptables
> "-j SNAT --to-source $ip" rules, and as written only look at the primary
> external address. Even if the Failover interface was looked at, the firewall
> would have to be rebuilt for the failover context switch with the
> /mnt/kd/wan-failover.script .
>
> Question, does either of these plugins make sense for a failover situation ?
>
> Possibly you want to disable the outbound-snat plugin on failover and
> re-enable it on return to primary ?
>
> If you have the special case of the outbound-snat plugin enabled, you could
> (untested code):
>
> -- /mnt/kd/wan-failover.script snippet --
>
>   SECONDARY)
>     ## Switched to Failover using secondary WAN link
>
>     ## Disable outbound-snat plugin
>     iptables -t nat -D POSTROUTING -j OUTBOUND_SNAT
>     ;;
>
>   PRIMARY)
>     ## Switched back to normal using primary WAN link
>
>     ## Re-Enable outbound-snat plugin
>     iptables -t nat -I POSTROUTING -j OUTBOUND_SNAT
>     ;;
>
> --
> but this is somewhat fragile, such that if the firewall was restarted during
> failover it would revert to the PRIMARY setting. To be less fragile, you
> could also add:
> --
> sed -i 's/^ENABLED=.*$/ENABLED=0/' /etc/arno-iptables-firewall/plugins/outbound-snat.conf"
> --
> and ENABLED=1 on return to PRIMARY.
>
>
> Lonnie
>
>
>
>> On Mar 17, 2021, at 1:16 AM, Michael Knill
>> <michael.kn...@ipcsolutions.com.au> wrote:
>>
>> Grr problem now found. I had SNAT configured which didn't work on the second
>> WAN connection.
>> Any way I can fix this e.g. don't do SNAT on the failover WAN?
>>
>> Regards
>> Michael Knill
>>
>> From: Michael Knill <michael.kn...@ipcsolutions.com.au>
>> Reply to: AstLinux List <astlinux-users@lists.sourceforge.net>
>> Date: Wednesday, 17 March 2021 at 4:27 pm
>> To: AstLinux List <astlinux-users@lists.sourceforge.net>
>> Subject: [Astlinux-users] Weird routing problem
>>
>> Hi Group
>>
>> I'm currently at a site that has a primary and failover WAN connection and
>> two LAN connections. The primary WAN connection has failed over to the
>> secondary WAN connection however it is only working on one of the LAN
>> interfaces and not the other. I can ping the interface address fine so it's
>> not an interface problem.
>>
>> Does anyone have any idea why this would be happening?
>>
>> Regards
>> Michael Knill
>> _______________________________________________
>> Astlinux-users mailing list
>> Astlinux-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>>
>> Donations to support AstLinux are graciously accepted via PayPal to
>> pay...@krisk.org.
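
Added example, not part of the original thread or of AstLinux's own code: one way to combine the two suggestions above (remove the POSTROUTING jump and persist ENABLED in the plugin config) so that repeated calls are harmless. The function names and the overridable `IPT` and `SNAT_CONF` variables are hypothetical, and passing the state as the first argument is an assumption.

```shell
#!/bin/sh
# Added example. IPT and SNAT_CONF (hypothetical names) can be overridden so
# the logic can be exercised against a stub command and a scratch file.
IPT="${IPT:-iptables}"
SNAT_CONF="${SNAT_CONF:-/etc/arno-iptables-firewall/plugins/outbound-snat.conf}"

# Persist the plugin state so a firewall restart during failover keeps it.
set_plugin_enabled() {
  sed -i "s/^ENABLED=.*\$/ENABLED=$1/" "$SNAT_CONF"
}

# Succeeds if the POSTROUTING jump to OUTBOUND_SNAT is currently present.
snat_jump_present() {
  $IPT -t nat -C POSTROUTING -j OUTBOUND_SNAT 2>/dev/null
}

snat_failover() {
  case "$1" in
    SECONDARY)
      set_plugin_enabled 0 || return 1
      # -D removes one rule per call and fails when none is left,
      # so loop on the check instead of calling -D blindly.
      while snat_jump_present; do
        $IPT -t nat -D POSTROUTING -j OUTBOUND_SNAT || return 1
      done
      ;;
    PRIMARY)
      set_plugin_enabled 1 || return 1
      # Insert only when absent so repeated calls do not stack duplicates.
      snat_jump_present || $IPT -t nat -I POSTROUTING -j OUTBOUND_SNAT
      ;;
    *)
      echo "snat_failover: unknown state '$1'" >&2
      return 2
      ;;
  esac
}

# In /mnt/kd/wan-failover.script (state assumed to be the first argument):
#   snat_failover "$1"
```

A non-zero return from the PRIMARY branch means the runtime rule could not be restored even though the config file was updated.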