Re: [Shorewall-users] multiisp debugging

2020-02-20 Thread Tom Eastep
On 2/20/20 2:05 PM, Stijn De Weirdt wrote: > hi tom, > > wow, i feel a bit stupid now. > > the manpage says that "USE_DEFAULT_RT=Yes" is the default, so > somehow it isn't? It is in 5.2 -- it was not in 5.1 > > anyway, thanks for helping! > You ar

Re: [Shorewall-users] multiisp debugging

2020-02-20 Thread Stijn De Weirdt
hi tom, wow, i feel a bit stupid now. the manpage says that "USE_DEFAULT_RT=Yes" is the default, so somehow it isn't? anyway, thanks for helping! stijn On 2/20/20 10:37 PM, Tom Eastep wrote: > On 2/20/20 1:13 PM, Stijn De Weirdt wrote: >> hi tom, > >> output of shorewall dump in attachment >

Re: [Shorewall-users] multiisp debugging

2020-02-20 Thread Tom Eastep
On 2/20/20 1:13 PM, Stijn De Weirdt wrote: > hi tom, > > output of shorewall dump in attachment > Set USE_DEFAULT_RT=Yes in shorewall.conf. -Tom -- Tom Eastep\ Q: What do you get when you cross a mobster Shoreline, \

Re: [Shorewall-users] multiisp debugging

2020-02-20 Thread Stijn De Weirdt
hi tom, output of shorewall dump in attachment stijn On 2/20/20 9:53 PM, Tom Eastep wrote: > On 2/20/20 8:54 AM, Stijn De Weirdt wrote: >> hi all, > > >> i am trying to setup a multiisp setup similar to the basic setup in >> the documentation. > >> however, when sending packets from the local

Re: [Shorewall-users] multiisp debugging

2020-02-20 Thread Tom Eastep
On 2/20/20 8:54 AM, Stijn De Weirdt wrote: > hi all, > > > i am trying to setup a multiisp setup similar to the basic setup in > the documentation. > > however, when sending packets from the local network to the > internet using snat (or masq), the r

Re: [Shorewall-users] MultiISP failover suggestions

2015-10-09 Thread Filippo Carletti
>> While it works, this setup has a drawback: the ping IP can't be >> reached when a link goes down. > > What do you mean by 'link goes down'? Do you mean that a 'shorewall > disable' has been done for the link? No, I mean that shorewall can't reach the IP (the adsl link goes down, the ISP has rou

Re: [Shorewall-users] MultiISP failover suggestions

2015-10-08 Thread Marcelo Roccasalva
On Thu, Oct 8, 2015 at 11:49 AM, Filippo Carletti wrote: > > [Sorry to revive an old thread, Tom, I have a new idea] > > >> I choose not to ping the connection gateway because both gateway are > >> local and never go down, while especially one connection (wimax) goes > >> down once in a while and

Re: [Shorewall-users] MultiISP failover suggestions

2015-10-08 Thread Tom Eastep
On 10/08/2015 07:49 AM, Filippo Carletti wrote: > [Sorry to revive an old thread, Tom, I have a new idea] > > Tom, I followed your advice and added a couple of routes for the IP > addresses lsm have to ping. > While it works, this setup has a drawback: the ping IP can't be > reached when a link go

Re: [Shorewall-users] MultiISP failover suggestions

2015-10-08 Thread Filippo Carletti
[Sorry to revive an old thread, Tom, I have a new idea] >> I choose not to ping the connection gateway because both gateway are >> local and never go down, while especially one connection (wimax) goes >> down once in a while and I can detect status pinging a remote ip. > > You must configure a sta

Re: [Shorewall-users] multiisp providers' routing tables vanish after pkg-manager version upgrade?

2015-06-17 Thread PGNd
On Wed, Jun 17, 2015, at 04:34 PM, Tom Eastep wrote: > What is the state of Shorewall after the upgrade? Immediately after the pkg upgrade completes, Shorewall is started, and the firewall's up as configured. Just without those two routing tables. Main/default connection works, 2nd provider

Re: [Shorewall-users] multiisp providers' routing tables vanish after pkg-manager version upgrade?

2015-06-17 Thread Tom Eastep
On 6/17/2015 7:57 AM, PGNd wrote: > I finally found an intermittent 'culprit' that's been causing some grief -- > the process of pkg-upgrading shorewall* in a MultiISP setup. > > With any given version of Shorewall > > shorewall6-lite v4.6.9 > shorewall-core v4.6.9 > shorewall-init v4.6.9

Re: [Shorewall-users] MultiISP failover suggestions

2014-05-05 Thread Tom Eastep
On 5/5/2014 9:24 AM, Filippo Carletti wrote: > Hi, > I'm using shorewall (4.5.18) and lsm (0.163) with a two ISP setup. > I followed documentation and the linuxfest presentation (all provider > balance), but choose to ping remote ip instead of the local gateway. > lsm is started as a service, not b

Re: [Shorewall-users] MultiISP Setup

2014-01-28 Thread Tom Eastep
On 1/28/2014 2:58 AM, JC Putter wrote: > Hi, > > i am trying to setup LSM with shorewall to do failover however LSM startup > with > > can't set multicast time-to-live "Protocol not available" > > anyone seen this? i have no idea where to start looking There is an LSM mailing list at l...@list

Re: [Shorewall-users] MultiISP example outdated?

2013-07-03 Thread Benny Pedersen
Daniel Banck wrote on 2013-07-03 17:48: > 4.4.26.1 is the version which ships with Ubuntu 12.04 LTS. I'll see > if > I can get a newer version. make a bump version request on Launchpad, or create updated deb files yourself from tarball, don't just install tarball content, it will break dependencies -

Re: [Shorewall-users] MultiISP example outdated?

2013-07-03 Thread Daniel Banck
Good to know. Thanks. Maybe you should update the warning at the beginning of the guide: "This document describes the Multi-ISP facility in Shorewall 4.4.26 and later." 4.4.26.1 is the version which ships with Ubuntu 12.04 LTS. I'll see if I can get a newer version. On Wed, Jul 3, 2013 at 5:37 P

Re: [Shorewall-users] MultiISP example outdated?

2013-07-03 Thread Tom Eastep
On 07/03/2013 08:28 AM, Daniel Banck wrote: > Hi! > > I've been trying to get the multiple ISP example running on my shorewall. > Using this http://www.shorewall.net/MultiISP.html#idp3634200 as base, > I've encountered some errors, like: > > ERROR: Invalid Provider Name (?if) : /etc/shorewall/prov

Re: [Shorewall-users] MultiISP

2013-04-09 Thread Tom Eastep
On 4/9/13 12:38 PM, "João Alberto Kuchnier" wrote: >Hi folks! > >I used Shorewall Multi ISP manual >(http://www.shorewall.net/MultiISP.html) to configure a dual link >firewall in one of our clients. When the primary link fails, remote >connections using the secondary remains working. However, from

Re: [Shorewall-users] MultiISP - marks and masks.

2012-11-13 Thread Tom Eastep
On 11/13/2012 04:18 AM, Artur Uszyński wrote: > Hello. > > Shouldn't marks in routemark chain (and "~excl" chains etc.) be applied with > mask according to PROVIDER_OFFSET and PROVIDER_BITS ? > Currently shorewall does this: > > -A routemark -i p2p1 -j MARK --set-mark 0x100 > -A routemark -i p2p

Re: [Shorewall-users] MultiISP Interface eth is no usable

2011-09-01 Thread Tom Eastep
On Thu, 2011-09-01 at 12:27 -0400, Luis Candia wrote: > Please I need help with the next error. > > > I'm trying to implement a LAN with two ISP to get access to Internet, > load balancing and failover in case of any isp fails. > > > This is the result of: > > > #shorewall -vv start > > > Com

Re: [Shorewall-users] MultiISP and forcing traffic to a specific ISP

2011-01-13 Thread Tom Eastep
On 1/12/11 4:10 PM, Elio Tondo wrote: > I have a rather complex configuration (thanks Tom for the great flexibility > of > Shorewall!) with three ISP connections, two separate LAN zones, a DMZ and a > vpn zone (OpenVPN server for road warriors running on the firewall). > > Initially I tried to

Re: [Shorewall-users] MultiISP setup - disconnect of ppp0 triggers failover

2010-08-31 Thread Sebastian Tänzer
Thanks again, setup works as you proposed it. There should be some updates to the docs as it took the most time to figure out why the scripts aren't working in the latest version. Best regards from Germany Sebastian On 31.08.2010 at 23:06, Tom Eastep wrote: > On 8/31/10 12:31 PM, Sebastian Tänz

Re: [Shorewall-users] MultiISP setup - disconnect of ppp0 triggers failover

2010-08-31 Thread Tom Eastep
On 8/31/10 12:31 PM, Sebastian Tänzer wrote: > Thanks Tom, > > this helped a lot. ISP1 is my cable provider, ISP2 the dsl pppd connection. > But I figured that out. > > The only thing I don't get is your LSM config here: > > connection { > name=Comcast > checkip=${ETH0_GATEWAY:-71.231.15

Re: [Shorewall-users] MultiISP setup - disconnect of ppp0 triggers failover

2010-08-31 Thread Sebastian Tänzer
Thanks Tom, this helped a lot. ISP1 is my cable provider, ISP2 the dsl pppd connection. But I figured that out. The only thing I don't get is your LSM config here: connection { name=Comcast checkip=${ETH0_GATEWAY:-71.231.152.1} device=$COM_IF ttl=1 } I replaced these values with

Re: [Shorewall-users] MultiISP setup - disconnect of ppp0 triggers failover

2010-08-31 Thread Tom Eastep
On 8/31/10 1:34 AM, Sebastian Tänzer wrote: > I've attached my shorewall dump, I hope this is correct. Is this dump taken after ppp0 has been connected/reconnected? I'm guessing 'yes' and that the ppp0 interface is provider 'ISP1'? If so, I would try the following: - create the file 'shorewall'

Re: [Shorewall-users] MultiISP balancing and ftps

2009-10-21 Thread Christian Vieser
Tom Eastep wrote: > Try using the 'SAME' MARK/CLASSIFY target in a tcrule that specifies the > ftps client's address in the SOURCE column. Hi Tom, thank you very much for pointing me to the right direction. Although I run firewalls for a while now, I have no experience with the abilities of tcrule

Re: [Shorewall-users] MultiISP balancing and ftps

2009-10-21 Thread Tom Eastep
Tom Eastep wrote: > Christian Vieser wrote: >> So, the question is: When the first connection is established, how can I >> mark >> all further connections (from the origin of the connection or to the >> destination >> of the connection) to use the same provider, as long as the first >> connecti

Re: [Shorewall-users] MultiISP balancing and ftps

2009-10-21 Thread Tom Eastep
Christian Vieser wrote: > Tom wrote: > >>> Is there a "shorewall way" to solve this problem? > >> > >> I would start with http://www.shorewall.net/MultiISP.html. > >> Sounds like the "track" option may solve this. > > > > I agree that this is another case where 'track' should help. > > I'm s

Re: [Shorewall-users] MultiISP balancing and ftps

2009-10-21 Thread Christian Vieser
Tom wrote: >>> Is there a "shorewall way" to solve this problem? >> >> I would start with http://www.shorewall.net/MultiISP.html. >> Sounds like the "track" option may solve this. > > I agree that this is another case where 'track' should help. I'm sorry, but I found no hint in the MultiISP

Re: [Shorewall-users] MultiISP balancing and ftps

2009-10-20 Thread Tom Eastep
On 10/20/2009 06:50 AM, Robert K Coffman Jr. -Info From Data Corp. wrote: >> Is there a "shorewall way" to solve this problem? > > I would start with http://www.shorewall.net/MultiISP.html. > > Sounds like the "track" option may solve this. I agree

Re: [Shorewall-users] MultiISP balancing and ftps

2009-10-20 Thread Robert K Coffman Jr. -Info From Data Corp.
>Is there a "shorewall way" to solve this problem? I would start with http://www.shorewall.net/MultiISP.html. Sounds like the "track" option may solve this. - Bob Coffman

Re: [Shorewall-users] MultiISP and fixed routes

2008-02-26 Thread Francesco Saverio Giudice
- Original Message - From: "Steven Jan Springl" <[EMAIL PROTECTED]> To: "Shorewall Users" Sent: Tuesday, February 26, 2008 3:52 AM Subject: Re: [Shorewall-users] MultiISP and fixed routes > Tom / Francesco > > This is fixed in kernel 2.6.2

Re: [Shorewall-users] MultiISP and fixed routes

2008-02-25 Thread Tom Eastep
Steven Jan Springl wrote: On Friday 22 February 2008 16:42, Francesco Saverio Giudice wrote: Hi Tom, I get the error: - # ip route add 1.2.4.5 dev eth3 # ip route replace 1.2.4.5 dev eth3 RTNETLINK answers: File exists - I have to patch kernel or something else ? Tom / Fran

Re: [Shorewall-users] MultiISP and fixed routes

2008-02-25 Thread Steven Jan Springl
On Friday 22 February 2008 16:42, Francesco Saverio Giudice wrote: > Hi Tom, > > I get the error: > > - > # ip route add 1.2.4.5 dev eth3 > # ip route replace 1.2.4.5 dev eth3 > RTNETLINK answers: File exists > - > > I have to patch kernel or something else ? > Tom / Francesco Thi

Re: [Shorewall-users] MultiISP and fixed routes

2008-02-23 Thread Tom Eastep
Francesco Saverio Giudice wrote: > > just to know, the reply from [EMAIL PROTECTED] is: > > > - Original Message - > From: "Joonwoo Park" <[EMAIL PROTECTED]> > To: "Francesco Saverio Giudice" <[EMAIL PROTECTED]> > Cc: <[EMAIL PROTECTED]> > Sent: Saturday, February 23, 2008 7:44 AM > Su

Re: [Shorewall-users] MultiISP and fixed routes

2008-02-23 Thread Francesco Saverio Giudice
Hi All, - Original Message - From: "Tom Eastep" <[EMAIL PROTECTED]> To: "Shorewall Users" Sent: Friday, February 22, 2008 5:55 PM Subject: Re: [Shorewall-users] MultiISP and fixed routes You should report it at [EMAIL PROTECTED] (that's where the Linux

Re: [Shorewall-users] MultiISP and fixed routes

2008-02-22 Thread Francesco Saverio Giudice
- Original Message - From: "Tom Eastep" <[EMAIL PROTECTED]> To: "Shorewall Users" Sent: Friday, February 22, 2008 5:55 PM Subject: Re: [Shorewall-users] MultiISP and fixed routes You should report it at [EMAIL PROTECTED] (that's where the Linux networ

Re: [Shorewall-users] MultiISP and fixed routes

2008-02-22 Thread Francesco Saverio Giudice
- Original Message - From: "Tom Eastep" <[EMAIL PROTECTED]> To: "Shorewall Users" Sent: Friday, February 22, 2008 10:21 PM Subject: Re: [Shorewall-users] MultiISP and fixed routes > > I have seen $DEFAULT_ROUTE in your patch. > I have to dec

Re: [Shorewall-users] MultiISP and fixed routes

2008-02-22 Thread Francesco Saverio Giudice
- Original Message - From: "Tom Eastep" <[EMAIL PROTECTED]> To: "Shorewall Users" Sent: Friday, February 22, 2008 10:14 PM Subject: Re: [Shorewall-users] MultiISP and fixed routes > So my idea was to add a route to force use of ISP2 for connection goin

Re: [Shorewall-users] MultiISP and fixed routes

2008-02-22 Thread Tom Eastep
Francesco Saverio Giudice wrote: - Original Message - From: "Tom Eastep" <[EMAIL PROTECTED]> To: "Shorewall Users" Sent: Friday, February 22, 2008 8:42 PM Subject: Re: [Shorewall-users] MultiISP and fixed routes This should fix both issues. Note that thes

Re: [Shorewall-users] MultiISP and fixed routes

2008-02-22 Thread Tom Eastep
Francesco Saverio Giudice wrote: - Original Message - From: "Tom Eastep" <[EMAIL PROTECTED]> To: "Shorewall Users" Sent: Friday, February 22, 2008 8:42 PM Subject: Re: [Shorewall-users] MultiISP and fixed routes This should fix both issues. Note that thes

Re: [Shorewall-users] MultiISP and fixed routes

2008-02-22 Thread Francesco Saverio Giudice
- Original Message - From: "Tom Eastep" <[EMAIL PROTECTED]> To: "Shorewall Users" Sent: Friday, February 22, 2008 8:42 PM Subject: Re: [Shorewall-users] MultiISP and fixed routes This should fix both issues. Note that these are horrible hacks which will op

Re: [Shorewall-users] MultiISP and fixed routes

2008-02-22 Thread Tom Eastep
Francesco Saverio Giudice wrote: tested and the result is: #shorewall restart - IP Forwarding Enabled Setting up Proxy ARP... Adding Providers... RTNETLINK answers: File exists ERROR: Command "ip route replace default scope global nexthop via A.A.A.A dev eth1 weight 1 nexth

Re: [Shorewall-users] MultiISP and fixed routes

2008-02-22 Thread Francesco Saverio Giudice
Tom, > Please try the second patch I sent or reconfigure proxy ARP as I > suggested earlier in my response to Jerry. tested and the result is: #shorewall restart - IP Forwarding Enabled Setting up Proxy ARP... Adding Providers... RTNETLINK answers: File exists ERROR: Command

Re: [Shorewall-users] MultiISP and fixed routes

2008-02-22 Thread Tom Eastep
Francesco Saverio Giudice wrote: - Original Message - From: "Tom Eastep" <[EMAIL PROTECTED]> To: "Shorewall Users" Sent: Friday, February 22, 2008 6:43 PM Subject: Re: [Shorewall-users] MultiISP and fixed routes On Fri, 2008-02-22 at 18:31 +0100, Francesco

Re: [Shorewall-users] MultiISP and fixed routes

2008-02-22 Thread Francesco Saverio Giudice
- Original Message - From: "Tom Eastep" <[EMAIL PROTECTED]> To: "Shorewall Users" Sent: Friday, February 22, 2008 6:43 PM Subject: Re: [Shorewall-users] MultiISP and fixed routes > On Fri, 2008-02-22 at 18:31 +0100, Francesco Saverio Giudice wrote: >

Re: [Shorewall-users] MultiISP and fixed routes

2008-02-22 Thread Tom Eastep
Tom Eastep wrote: On Fri, 2008-02-22 at 18:31 +0100, Francesco Saverio Giudice wrote: Hi Tom, - Original Message - From: "Tom Eastep" <[EMAIL PROTECTED]> To: "Shorewall Users" Sent: Friday, February 22, 2008 5:38 PM Subject: Re: [Shorewall-users] Multi

Re: [Shorewall-users] MultiISP and fixed routes

2008-02-22 Thread Tom Eastep
Tom Eastep wrote: Jerry Vonau wrote: Tom Eastep wrote: Tom Eastep wrote: Francesco Saverio Giudice wrote: Hi All, I have 2 problems with MultiISP configuration: (Shorewall 4.0.8-4 on CentOS and Kernel 2.6.24 recompiled with netfilter options) Some days ago I have upgraded configuration fr

Re: [Shorewall-users] MultiISP and fixed routes

2008-02-22 Thread Tom Eastep
Jerry Vonau wrote: Tom Eastep wrote: Tom Eastep wrote: Francesco Saverio Giudice wrote: Hi All, I have 2 problems with MultiISP configuration: (Shorewall 4.0.8-4 on CentOS and Kernel 2.6.24 recompiled with netfilter options) Some days ago I have upgraded configuration from a 3.x version (

Re: [Shorewall-users] MultiISP and fixed routes

2008-02-22 Thread Tom Eastep
On Fri, 2008-02-22 at 18:31 +0100, Francesco Saverio Giudice wrote: > Hi Tom, > > - Original Message - > From: "Tom Eastep" <[EMAIL PROTECTED]> > To: "Shorewall Users" > Sent: Friday, February 22, 2008 5:38 PM > Subject: Re: [Shorewa

Re: [Shorewall-users] MultiISP and fixed routes

2008-02-22 Thread Tom Eastep
On Fri, 2008-02-22 at 18:31 +0100, Francesco Saverio Giudice wrote: > Hi Tom, > > - Original Message - > From: "Tom Eastep" <[EMAIL PROTECTED]> > To: "Shorewall Users" > Sent: Friday, February 22, 2008 5:38 PM > Subject: Re: [Shorewa

Re: [Shorewall-users] MultiISP and fixed routes

2008-02-22 Thread Jerry Vonau
Tom Eastep wrote: > Tom Eastep wrote: >> Francesco Saverio Giudice wrote: >>> Hi All, >>> >>> I have 2 problems with MultiISP configuration: (Shorewall 4.0.8-4 on >>> CentOS and Kernel 2.6.24 recompiled with netfilter options) >>> >>> Some days ago I have upgraded configuration from a 3.x version

Re: [Shorewall-users] MultiISP and fixed routes

2008-02-22 Thread Francesco Saverio Giudice
Hi Tom, - Original Message - From: "Tom Eastep" <[EMAIL PROTECTED]> To: "Shorewall Users" Sent: Friday, February 22, 2008 5:38 PM Subject: Re: [Shorewall-users] MultiISP and fixed routes Tom Eastep wrote: > Francesco Saverio Giudice wrote: >> Hi All,

Re: [Shorewall-users] MultiISP and fixed routes

2008-02-22 Thread Tom Eastep
Francesco Saverio Giudice wrote: Hi Tom, I get the error: - # ip route add 1.2.4.5 dev eth3 # ip route replace 1.2.4.5 dev eth3 RTNETLINK answers: File exists - I have to patch kernel or something else ? You should report it at [EMAIL PROTECTED] (that's where the Linux netw

Re: [Shorewall-users] MultiISP and fixed routes

2008-02-22 Thread Francesco Saverio Giudice
Hi Tom, I get the error: - # ip route add 1.2.4.5 dev eth3 # ip route replace 1.2.4.5 dev eth3 RTNETLINK answers: File exists - I have to patch kernel or something else ? And for the rest ? Is it related to same iproute2 error ? Thank you for your help Best Regards Francesco

Re: [Shorewall-users] MultiISP and fixed routes

2008-02-22 Thread Tom Eastep
Tom Eastep wrote: Francesco Saverio Giudice wrote: Hi All, I have 2 problems with MultiISP configuration: (Shorewall 4.0.8-4 on CentOS and Kernel 2.6.24 recompiled with netfilter options) Some days ago I have upgraded configuration from a 3.x version (single ISP) to actual (in sense that I

Re: [Shorewall-users] MultiISP and fixed routes

2008-02-22 Thread Tom Eastep
Francesco Saverio Giudice wrote: Hi All, I have 2 problems with MultiISP configuration: (Shorewall 4.0.8-4 on CentOS and Kernel 2.6.24 recompiled with netfilter options) Some days ago I have upgraded configuration from a 3.x version (single ISP) to actual (in sense that I have reinstalled OS

Re: [Shorewall-users] MultiISP: failover and dynamic IP

2007-09-18 Thread Sjon Wijnolst
Andrew Suffield wrote: >>For ISP1 (adsl): It's not cheap consumer stuff, it's an Arescom NetDSL >>1000 supplied by the ISP. >> >> >If it doesn't have 19" mounting brackets, it's consumer stuff. An >example of a non-consumer ADSL router would be something from the >Cisco 1800 series. The impo

Re: [Shorewall-users] MultiISP: failover and dynamic IP

2007-09-18 Thread Andrew Suffield
On Tue, Sep 18, 2007 at 09:01:12AM +0200, Sjon Wijnolst wrote: > Andrew Suffield wrote: > > >>The ADSL-line is supplied with an ethernet-router, no PPP-links required. > >> > >> > >Since the cheap consumer ADSL routers are usually awful routers and > >buggy, limited NAT devices, I always try

Re: [Shorewall-users] MultiISP: failover and dynamic IP

2007-09-18 Thread Sjon Wijnolst
Andrew Suffield wrote: >>The ADSL-line is supplied with an ethernet-router, no PPP-links required. >> >> >Since the cheap consumer ADSL routers are usually awful routers and >buggy, limited NAT devices, I always try to arrange for the PPP tunnel >to extend as far as the firewall behind it. S

Re: [Shorewall-users] MultiISP: failover and dynamic IP

2007-09-17 Thread Sjon Wijnolst
Grigory Mokhin wrote: >>Since this doesn't happen every day, and I use tcrules to mark and direct >>traffic to one ISP or another, >> >> > >Why do use tcrules for that? IP rules are used for routing, tc rules >for shaping. > > This is the way Shorewall's MultiISP-documents instructs to conf

Re: [Shorewall-users] MultiISP: minor(?) problem with route_rules processing

2007-09-17 Thread Tom Eastep
Artur Uszyński wrote: > Tom Eastep wrote: >>> Looks like something is broken with your kit... > It looks like the patch adding transformation from '-' to '0.0.0.0/0' is not > needed... I think it's still needed -- both the current Ubuntu and OpenSuSE releases demonstrate the original problem yo

Re: [Shorewall-users] MultiISP: minor(?) problem with route_rules processing

2007-09-17 Thread Artur Uszyński
Tom Eastep wrote: >> [EMAIL PROTECTED]:~# ip rule add from 1.1.1.1 to 10.0.0.0/8 priority 1000 >> table 5 >> [EMAIL PROTECTED]:~# ip rule add from 1.1.1.1 to 0.0.0.0/0 priority 1000 >> table >> main >> [EMAIL PROTECTED]:~# ip rule del from 1.1.1.1 to 0.0.0.0/0 priority 1000 >> [EMAIL PROTECTED]:~

Re: [Shorewall-users] MultiISP: minor(?) problem with route_rules processing

2007-09-16 Thread Tom Eastep
Tom Eastep wrote: > Maybe that's what you get but see this: > > [EMAIL PROTECTED]:~# ip rule ls > 0: from all lookup 255 > 32766: from all lookup main > 32767: from all lookup default > [EMAIL PROTECTED]:~# ip rule add from 1.1.1.1 to 10.0.0.0/8 priority 1000 > table 5 > [EMAIL PROTECTED]

Re: [Shorewall-users] MultiISP: minor(?) problem with route_rules processing

2007-09-16 Thread Tom Eastep
Artur Uszyński wrote: > On Sun, 16 Sep 2007 Tom Eastep wrote: > >> Artur Uszyński wrote: >> >>> I have several suggestions: >>> 1. the patches in the attachment (add provider match requirement), they >>> are for shorewall 4.0.3 >> I prefer the attached patch that expands a missing destination ( '-

Re: [Shorewall-users] MultiISP: minor(?) problem with route_rules processing

2007-09-16 Thread Artur Uszyński
On Sun, 16 Sep 2007 Tom Eastep wrote: > Artur Uszyński wrote: > >> >> I have several suggestions: >> 1. the patches in the attachment (add provider match requirement), they >> are for shorewall 4.0.3 > > I prefer the attached patch that expands a missing destination ( '-' ) to > 0.0.0.0/0. I'm so

Re: [Shorewall-users] MultiISP: minor(?) problem with route_rules processing

2007-09-16 Thread Tom Eastep
The previous patch I sent was broken. Here's a corrected version. -Tom -- Tom Eastep\ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key Index: Shorewall/

Re: [Shorewall-users] MultiISP: minor(?) problem with route_rules processing

2007-09-16 Thread Tom Eastep
Artur Uszyński wrote: > > I have several suggestions: > 1. the patches in the attachment (add provider match requirement), they > are for shorewall 4.0.3 I prefer the attached patch that expands a missing destination ( '-' ) to 0.0.0.0/0. > > 2. Maybe the procedure should be split up in two st

Re: [Shorewall-users] MultiISP: perl compiler bug (shorewall 4.0.3)

2007-09-15 Thread Tom Eastep
Artur Uszyński wrote: > According to http://www.shorewall.net/MultiISP.html, section "What an > entry in the Providers File Does": > > "1. Unless loose is specified, an ip rule is generated for each IP > address on the INTERFACE that routes traffic from that address through > the associated routin

Re: [Shorewall-users] MultiISP: failover and dynamic IP

2007-09-12 Thread Joerg Mertin
Joerg Mertin wrote: > Joerg Mertin wrote: >> John Lewis wrote: >>> I would strongly agree with Andrew on the router issue. At least if >>> the PPPOE client is running on your Linux box you have much more >>> control over how the link comes up and down. For instance you can >>> configure how o

Re: [Shorewall-users] MultiISP: failover and dynamic IP

2007-09-12 Thread Joerg Mertin
Joerg Mertin wrote: > John Lewis wrote: >> I would strongly agree with Andrew on the router issue. At least if >> the PPPOE client is running on your Linux box you have much more >> control over how the link comes up and down. For instance you can >> configure how often the client checks the

Re: [Shorewall-users] MultiISP: failover and dynamic IP

2007-09-12 Thread Joerg Mertin
John Lewis wrote: > I would strongly agree with Andrew on the router issue. At least if > the PPPOE client is running on your Linux box you have much more > control over how the link comes up and down. For instance you can > configure how often the client checks the other end of the connectio

Re: [Shorewall-users] MultiISP: failover and dynamic IP

2007-09-12 Thread John Lewis
Quoting Andrew Suffield <[EMAIL PROTECTED]>: > On Wed, Sep 12, 2007 at 01:25:03PM +0200, Sjon Wijnolst wrote: >> Joerg Mertin wrote: >> >> >As you are using an ADSL line - an ip-up script can be used by the >> >ppp-daemon. I'd modify the script to actually perform the tasks >> you require. >>

Re: [Shorewall-users] MultiISP: failover and dynamic IP

2007-09-12 Thread Andrew Suffield
On Wed, Sep 12, 2007 at 01:25:03PM +0200, Sjon Wijnolst wrote: > Joerg Mertin wrote: > > >As you are using an ADSL line - an ip-up script can be used by the > >ppp-daemon. I'd modify the script to actually perform the tasks you require. > > > > > The ADSL-line is supplied with an ethernet-rout

Re: [Shorewall-users] MultiISP: failover and dynamic IP

2007-09-12 Thread Grigory Mokhin
On 9/12/07, Kenneth Gonsalves <[EMAIL PROTECTED]> wrote: > > could you share the script? > Yes. http://ra.bofh.lv/mok/dualgw-failover Regards, Gregory

Re: [Shorewall-users] MultiISP: failover and dynamic IP

2007-09-12 Thread Grigory Mokhin
On 9/12/07, Sjon Wijnolst <[EMAIL PROTECTED]> wrote: > > > >I have two DSL lines, each of them is rather unreliable, going down > >and up frequently. My solution is to arping the gateways for the two > >lines every 5 seconds or so, and if a line is not responding, then add > >an ip rule to direct a

Re: [Shorewall-users] MultiISP: failover and dynamic IP

2007-09-12 Thread Joerg Mertin
Ok. Do these routers have SNMP support ? e.g. could you query the interface port status of these routers through an snmp-get call ? If yes - it would be easy to set something up. Check the interface status (routine to cycle through the results). If one interface is down - issue a command to reroute

Re: [Shorewall-users] MultiISP: failover and dynamic IP

2007-09-12 Thread Kenneth Gonsalves
On 12-Sep-07, at 4:55 PM, Sjon Wijnolst wrote: > The ADSL-line is supplied with an ethernet-router, no PPP-links > required. > > My first concern is monitoring ISP2 for failing and ip-changes - a > next > step would be to also include failover for ISP1. Since that connection > is very reliabl

Re: [Shorewall-users] MultiISP: failover and dynamic IP

2007-09-12 Thread Kenneth Gonsalves
On 12-Sep-07, at 4:55 PM, Grigory Mokhin wrote: > is back, this ip rule is deleted. The actual script is very simple and > it works well. This way shorewall doesn't have to be restarted, and tc > rules are also not affected. could you share the script? -- regards Kenneth Gonsalves Associate,

Re: [Shorewall-users] MultiISP: failover and dynamic IP

2007-09-12 Thread Joerg Mertin
In that case you could misuse the ddclient (used for dyndns). It checks the IP on the router - if the link fails - your interface goes down - e.g. no more connection - and the system will notice there is no IP. When the Interface comes back up - you can use that script to also trigger another scri

Re: [Shorewall-users] MultiISP: failover and dynamic IP

2007-09-12 Thread Sjon Wijnolst
Grigory Mokhin wrote: >On 9/12/07, Kenneth Gonsalves <[EMAIL PROTECTED]> wrote: > > >I have two DSL lines, each of them is rather unreliable, going down >and up frequently. My solution is to arping the gateways for the two >lines every 5 seconds or so, and if a line is not responding, then add

Re: [Shorewall-users] MultiISP: failover and dynamic IP

2007-09-12 Thread Sjon Wijnolst
Joerg Mertin wrote: >As you are using an ADSL line - an ip-up script can be used by the >ppp-daemon. I'd modify the script to actually perform the tasks you require. > > The ADSL-line is supplied with an ethernet-router, no PPP-links required. My first concern is monitoring ISP2 for failing a

Re: [Shorewall-users] MultiISP: failover and dynamic IP

2007-09-12 Thread Grigory Mokhin
On 9/12/07, Kenneth Gonsalves <[EMAIL PROTECTED]> wrote: > > On 12-Sep-07, at 4:30 PM, Sjon Wijnolst wrote: > > > Which tools can be used to monitor connections (up-down, IP) and act > > upon changes? Any experience? I've been looking into Paul Gear's > > article but that doesn't really implement

Re: [Shorewall-users] MultiISP: failover and dynamic IP

2007-09-12 Thread Sjon Wijnolst
Kenneth Gonsalves wrote: >On 12-Sep-07, at 4:30 PM, Sjon Wijnolst wrote: > >the config files are not a problem - the problem is, how do you >detect when the ISP goes down, or, more important, when it comes up >again? > That's exactly where my problem is: monitoring the connection and acting

Re: [Shorewall-users] MultiISP: failover and dynamic IP

2007-09-12 Thread Joerg Mertin
As you are using an ADSL line - an ip-up script can be used by the ppp-daemon. I'd modify the script to actually perform the tasks you require. Cheers Joerg Sjon Wijnolst wrote: > Dear list, > > Shorewall is running here with 2 ISP's: > ISP1: corporate ADSL-line with fixed set of IP's > ISP2: fa

Re: [Shorewall-users] MultiISP: failover and dynamic IP

2007-09-12 Thread Kenneth Gonsalves
On 12-Sep-07, at 4:30 PM, Sjon Wijnolst wrote: > Which tools can be used to monitor connections (up-down, IP) and act > upon changes? Any experience? I've been looking into Paul Gear's > article but that doesn't really implement what I want. I understood > shorewall can be loaded with a differen

Re: [Shorewall-users] MultiISP & SMTP-Relay, forcing SMTP from $FW to specific ISP

2007-07-30 Thread Tom Eastep
Jerry Vonau wrote: > > You need to mark the traffic from the firewall. > > Just drop the :P part, then the outbound traffic from the firewall is > marked in the tcout chain. Something like this should work: > > 2 $FW 0.0.0.0/0 tcp 25 > > Make sure you have the recommended ent

Re: [Shorewall-users] MultiISP & SMTP-Relay, forcing SMTP from $FW to specific ISP

2007-07-30 Thread Jerry Vonau
Bodo Huber wrote: > Hello, > > I have successfully installed and configured a multi ISP environment > based on Shorewall 3.4.3. I achieved this pretty much exactly like > explained in the related documentation > (http://www.shorewall.net/MultiISP.html). Everything is working fine, I > am using

Re: [Shorewall-users] MultiISP problems with the track option

2007-05-25 Thread Grant Scheffert
That solved it. Thanks a million, Jerry! Thanks, Grant -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jerry Vonau Sent: Friday, May 25, 2007 7:08 PM To: Shorewall Users Subject: Re: [Shorewall-users] MultiISP problems with the track option Grant

Re: [Shorewall-users] MultiISP problems with the track option

2007-05-25 Thread Jerry Vonau
om: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Jerry Vonau > Sent: Thursday, May 24, 2007 10:08 PM > To: Shorewall Users > Subject: Re: [Shorewall-users] MultiISP problems with the track option > > Jerry Vonau wrote: >> Grant Scheffert wrote: &

Re: [Shorewall-users] MultiISP problems with the track option

2007-05-25 Thread Grant Scheffert
ll Users Subject: Re: [Shorewall-users] MultiISP problems with the track option Jerry Vonau wrote: > Grant Scheffert wrote: >> # Shorewall version 3.4 - Providers File >> # >> #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY >> OPTIONS COPY >

Re: [Shorewall-users] MultiISP problems with the track option

2007-05-24 Thread Jerry Vonau
Jerry Vonau wrote: > Grant Scheffert wrote: >> # Shorewall version 3.4 - Providers File >> # >> #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY >> OPTIONS COPY >> ISP1 1 1 main eth2 216.x.y.33 track,balance >> ETH0 >> ISP2 2 2 ma

Re: [Shorewall-users] MultiISP problems with the track option

2007-05-24 Thread Grant Scheffert
Subject: Re: [Shorewall-users] MultiISP problems with the track option > Please submit a shorewall dump. Jerry

Re: [Shorewall-users] MultiISP problems with the track option

2007-05-24 Thread Jerry Vonau
Grant Scheffert wrote: > I've been using Shorewall on an older box for 3 years and it has worked > fabulous. But we've expanded to having 2 ISPs so I'm building a new > Fedora 6 firewall with Shorewall 3.4.2 and 4 NICs. > > I'm having a problem with outgoing connections when I add the track > op

Re: [Shorewall-users] MultiISP problems with the track option

2007-05-23 Thread Philipp Rusch
Grant Scheffert wrote: I've been using Shorewall on an older box for 3 years and it has worked fabulous. But we've expanded to having 2 ISPs so I'm building a new Fedora 6 firewall with Shorewall 3.4.2 and 4 NICs. I'm having a problem with outgoing connections when I add the track option to

Re: [Shorewall-users] multiisp providers

2007-05-08 Thread Vieri Di Paola
--- Tom Eastep <[EMAIL PROTECTED]> wrote: > Vieri Di Paola wrote: > > Should I look for a specific kernel option? > > I have no idea. What you are seeing looks like the > kernel is just plain > broken rather than missing some option. > > If you forward a trace of 'shorewall restart' > directly

Re: [Shorewall-users] multiisp providers

2007-05-08 Thread Tom Eastep
Vieri Di Paola wrote: > > Should I look for a specific kernel option? I have no idea. What you are seeing looks like the kernel is just plain broken rather than missing some option. If you forward a trace of 'shorewall restart' directly to me, I can make sure that the correct commands are being

Re: [Shorewall-users] multiisp providers

2007-05-08 Thread Vieri Di Paola
--- Tom Eastep <[EMAIL PROTECTED]> wrote: > Tom Eastep wrote: > > Vieri Di Paola wrote: > >> Hi, > >> > >> I am in the process of upgrading a multi-isp > router > >> (ISP1, 2, 3). Previously it was working as > expected > >> with Shorewall 3.0.8 and kernel 2.6.16. > >> > >> I'm now having trouble

Re: [Shorewall-users] multiisp providers

2007-05-08 Thread Tom Eastep
Tom Eastep wrote: > Vieri Di Paola wrote: >> Hi, >> >> I am in the process of upgrading a multi-isp router >> (ISP1, 2, 3). Previously it was working as expected >> with Shorewall 3.0.8 and kernel 2.6.16. >> >> I'm now having trouble with ISP2 and ISP3 only after >> moving to shorewall 3.4.2 and ker

Re: [Shorewall-users] multiisp providers

2007-05-08 Thread Tom Eastep
Vieri Di Paola wrote: > Hi, > > I am in the process of upgrading a multi-isp router > (ISP1, 2, 3). Previously it was working as expected > with Shorewall 3.0.8 and kernel 2.6.16. > > I'm now having trouble with ISP2 and ISP3 only after > moving to shorewall 3.4.2 and kernel 2.6.19. Incoming > con

Re: [Shorewall-users] multiISP on single interface

2007-01-11 Thread Israel Santana
On Mon, 08-01-2007 at 05:07 -0800, Vieri Di Paola wrote: > I was wondering if there's a way to include multiple > DSL lines on a single physical interface. > I just ran out of ethernet cards and need to connect > more lines, hopefully without having to setup a second > shorewall gateway. Yes
