Chris Morley wrote:

I have followed the Multi-ISP guide to the best of my ability but I haven't done something right because the firewall connections outbound only work half the time... many apologies if I have missed anything blatantly obvious, I know I have, I just don't know what.

Two things:

a) As the guide clearly points out, entries in tcrules are not enough to control traffic originating on the firewall (see the section entitled "Applications Running on the Firewall").

b) That being the case, running a multi-ISP configuration in which one interface appears to be up but isn't is poor practice.

c) Even if both connections were available, you have omitted the entries in /etc/shorewall/masq necessary to properly catch traffic that binds to one address but is forced to go out through the opposite interface. See the rules following this text "Regardless of whether you have masqueraded hosts or not, the following entries are required in /etc/shorewall/masq if you plan to redirect connections from the firewall using entries in /etc/shorewall/tcrules or if you specify balance on your providers."

I would try adding the masq rules first -- if you still have problems then you need to disable the interface that isn't working. The best way to do that is:

a) add the 'optional' option to the leased line (curiously you have specified it on the BusinessOne line but not on the leased line).

b) Down the leased line interface until it is up and running. That way, you can use your single two-ISP configuration regardless of whether the leased line is up or not.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
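
The two configuration changes suggested in the reply, sketched as an added example that is not part of the original message or of the poster's configuration. The interface names (eth0, eth1), provider names and all addresses are constructed placeholders from documentation ranges, and placing 'optional' in /etc/shorewall/providers is an assumption, since the message does not name the file.

```conf
# /etc/shorewall/masq
# Constructed placeholders: eth0 holds 192.0.2.10 (leased line),
# eth1 holds 198.51.100.20 (BusinessOne).
# Each entry rewrites the source address of traffic that was bound to
# one ISP's address but is routed out through the other ISP's interface,
# so replies come back on the interface the packet actually left from.
#INTERFACE      SOURCE            ADDRESS
eth0            198.51.100.20     192.0.2.10
eth1            192.0.2.10        198.51.100.20

# /etc/shorewall/providers (assumed location of the 'optional' option)
# With 'optional' on both providers, a provider whose interface is down
# is skipped instead of being treated as a usable route.
#NAME        NUMBER  MARK  DUPLICATE  INTERFACE  GATEWAY        OPTIONS
LeasedLine   1       1     main       eth0       192.0.2.1      track,balance,optional
BusinessOne  2       2     main       eth1       198.51.100.1   track,balance,optional
```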
