--- Tom Eastep <[EMAIL PROTECTED]> wrote:

> Tom Eastep wrote:
> > Vieri Di Paola wrote:
> >> Hi,
> >>
> >> I am in the process of upgrading a multi-isp router
> >> (ISP1, 2, 3). Previously it was working as expected
> >> with Shorewall 3.0.8 and kernel 2.6.16.
> >>
> >> I'm now having trouble with ISP2 and ISP3 only after
> >> moving to shorewall 3.4.2 and kernel 2.6.19. Incoming
> >> connections don't complete.
> >> An example:
> >> a DNAT rule redirects Internet port 443 to a lan
> >> server. (from 217.126.158.166 to 85.48.225.159:443  ->
> >> 10.215.144.16:443)
> >>
> >> Note that 85.48.225.159 (ISP3) is on the ADSL
> >> modem/router (PPPoA) and has local IP 192.168.101.1
> >> and redirects all incoming traffic to 192.168.101.2
> >> which is the multi-isp shorewall gateway.
> >>  
> >> Please find the shorewall dump here:
> >> http://fhm.zapto.org/dump.gz
> > 
> > This doesn't look good:
> > 
> > 10001:      from all lookup ISP1
> > 10001:      from all lookup ISP1
> > 10001:      from all lookup ISP1
> > 10001:      from all lookup ISP1
> > 10001:      from all lookup ISP1
> > 10001:      from all lookup ISP1
> > 10001:      from all lookup ISP1
> > 10001:      from all lookup ISP1
> > 10001:      from all lookup ISP1
> > 10001:      from all lookup ISP1
> > 10001:      from all lookup ISP1
> > 10001:      from all lookup ISP1
> > 10002:      from all lookup ISP2
> > 10002:      from all lookup ISP2
> > 10002:      from all lookup ISP2
> > 10002:      from all lookup ISP2
> > 10002:      from all lookup ISP2
> > 10002:      from all lookup ISP2
> > 10002:      from all lookup ISP2
> > 10002:      from all lookup ISP2
> > 10002:      from all lookup ISP2
> > 10002:      from all lookup ISP2
> > 10002:      from all lookup ISP2
> > 10002:      from all lookup ISP2
> > 10003:      from all lookup ISP3
> > 10003:      from all lookup ISP3
> > 10003:      from all lookup ISP3
> > 10003:      from all lookup ISP3
> > 10003:      from all lookup ISP3
> > 10003:      from all lookup ISP3
> > 10003:      from all lookup ISP3
> > 10003:      from all lookup ISP3
> > 10003:      from all lookup ISP3
> > 10003:      from all lookup ISP3
> > 10003:      from all lookup ISP3
> > 10003:      from all lookup ISP3
> > 
> > What route_rules entries do you have?
> 
> Those rules have the priority of the rules that Shorewall
> generates to match fwmarks to providers. So I'm guessing
> that your kernel isn't handling routing rules correctly.

Should I look for a specific kernel option?

From the shorewall multi-isp doc:
"
The /etc/shorewall/route_rules file was added in
Shorewall version 3.2.0. The route_rules file allows
assigning certain traffic to a particular provider
just as entries in the tcrules file. The difference
between the two files is that entries in route_rules
are independent of Netfilter.
"

My route_rules file is empty.
The rules are in tcrules as shown below.

I will try setting some rules in route_rules and see
if it works, since this multi-isp router was using an
old shorewall (3.0.8).

I may also compile a different kernel.

# Shorewall version 3.4 - Providers File
#NAME   NUMBER  MARK    DUPLICATE       INTERFACE       GATEWAY         OPTIONS         COPY
ISP1    1       1       main            eth0            192.168.92.1    track,balance=8 eth1
ISP2    2       2       main            eth2            192.168.100.1   track,balance=1 eth1
ISP3    3       3       main            eth3            192.168.101.1   track,balance=1 eth1

# Shorewall version 3.4 - Tcrules File
#MARK   SOURCE                  DEST                    PROTO   DEST            SOURCE  USER    TEST   LENGTH   TOS
#                                                               PORT(S)         PORT(S)
2:P     0.0.0.0/0               0.0.0.0/0               tcp     25
1:P     10.215.144.0/22         0.0.0.0/0               tcp     80,443
1:P     0.0.0.0/0               217.72.192.149/32       tcp     25
1:P     0.0.0.0/0               217.72.192.188/32       tcp     25
1:P     0.0.0.0/0               212.101.64.4/32         tcp     25
1:P     0.0.0.0/0               212.101.75.227/32       tcp     25
1:P     0.0.0.0/0               64.14.56.246/32         tcp     25
1:P     0.0.0.0/0               216.34.191.52/32        tcp     25
1:P     0.0.0.0/0               158.109.168.132/32      tcp     25
1:P     0.0.0.0/0               158.109.168.135/32      tcp     25
3:P     0.0.0.0/0               0.0.0.0/0               tcp     22,3389,21
3:P     10.215.144.47/32        0.0.0.0/0
3:P     10.215.146.21/32        0.0.0.0/0
2:P     10.215.144.12/32        0.0.0.0/0               tcp     80,443
3:P     10.215.144.10/32        0.0.0.0/0               tcp     80,443




_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
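
An added example, not part of the original thread: a small Python check over `ip rule show` output that reports the two things visible in the excerpt quoted above, namely repeated identical rules and rules that send all traffic to a provider table with no fwmark selector. The sample input is constructed (shortened from the quoted excerpt, with one fwmark rule added for contrast), and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in `ip rule show` format, modelled on the excerpt quoted
# in the thread (repeats shortened), plus one fwmark rule for contrast.
SAMPLE = """\
0:      from all lookup local
10001:  from all lookup ISP1
10001:  from all lookup ISP1
10001:  from all lookup ISP1
10002:  from all lookup ISP2
10002:  from all lookup ISP2
10003:  from all fwmark 0x3 lookup ISP3
32766:  from all lookup main
32767:  from all lookup default
"""

# priority, selector (everything before "lookup"), table name
RULE_RE = re.compile(r"^(\d+):\s+(.*?)\s+lookup\s+(\S+)\s*$")


def parse_rules(text):
    """Return (priority, selector, table) tuples from `ip rule show` output."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            selector = " ".join(m.group(2).split())  # normalise whitespace
            rules.append((int(m.group(1)), selector, m.group(3)))
    return rules


def audit(text, providers):
    """Flag duplicated rules and catch-all rules pointing at a provider table."""
    findings = []
    for (prio, selector, table), count in Counter(parse_rules(text)).items():
        if count > 1:
            findings.append(("duplicate", prio, table, count))
        # "from all" with no fwmark/source selector routes every packet
        # through that provider's table, whatever mark it carries.
        if table in providers and selector == "from all":
            findings.append(("catch-all", prio, table, count))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE, {"ISP1", "ISP2", "ISP3"}):
        print(*finding)
```

On the gateway itself, the text passed to `audit` would be the captured output of `ip rule show` and the provider names those from the providers file.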
