Hi Tom,
For the time being I decided to go with
"/etc/shorewall/route_rules" by making the entire machine traffic route
through my DSL interface with a priority.
192.168.10.13 - DSL 26000
192.168.10.13 - T1 26002
My fail over for 192.168.10.13 doesn't work. Means my DSL dies
the machine cannot communicated to the outside world but the rest of the
LAN devices are able to do fail over.
NOTE: I tried with 1000 & 1002
11000 & 11002
Any ideas on this ?
Thank you
Chakri
Chakravarthy Girda wrote:
> Hi Tom,
>
> Thank you for your response. I haven't noticed the warning but
> tried with old version notes. This is the postal effect of my failure in
> making it work the following
>
> /etc/shorewall/tcrules.
> 2:130 eth0 eth4 tcp - 873,20,21
> 2:131 eth0 eth4 udp - 873,20,21
>
> In my case I can't use /etc/shorewall/route_rules as I wanted
> specific port/service to happen than from the entire internal interface
> or internal machine.
>
> Once again I thank you for time. Please let me know if I am missing
> any other changes.
>
> Thank you
> Chakri
>
>
>
>
> Tom Eastep wrote:
>> Chakravarthy Girda wrote:
>>> Hi,
>>> Shorewall version -4.0.12-2 (EL5 rpm version)
>>> OS : Centos 5.2
>>>
>>> I have shorewall successfully running on Linux with multi ISP.
>>> Trying to make services such as "rsync, ftp" go through my secondary
>>> ISP. For which I did the following
>>>
>>> eth0 : Internal LAN
>>> eth4 : DSL (Second ISP) => x.x
>>> eth5 : T1 (First ISP) => y.y
>>>
>>>
>>> Created the following entries in /etc/shorewall/masq
>>>
>>> #INTERFACE SOURCE ADDRESS PROTO
>>> eth4 eth0 x.x tcp 20,21,873
>>> eth4 eth0 x.x udp 20,21,873
>>> eth5 x.x y.y
>>> eth4 y.y x.x
>>> eth5 eth0 y.y
>>> eth4 eth0 x.x
>>>
>>>
>>> But still my ftp and rsync follow my first default route. Which is
>>> my T1. What else I need to do to force this connections only use my
>>> secondary ISP.
>>
>> From http://www.shorewall.net/MultiISP.html (the 'Warning' is even in
>> bold font!):
>>
>> Warning
>>
>> Entries in /etc/shorewall/masq have no effect on which ISP a particular
>> connection will be sent through. That is rather the purpose of entries
>> in /etc/shorewall/tcrules or /etc/shorewall/route_rules.
>>
>> -Tom
>>
>>
>> ------------------------------------------------------------------------
>>
>> -------------------------------------------------------------------------
>> This SF.Net email is sponsored by the Moblin Your Move Developer's
>> challenge
>> Build the coolest Linux based applications with Moblin SDK & win great
>> prizes
>> Grand prize is a trip for two to an Open Source event anywhere in the
>> world
>> http://moblin-contest.org/redirect.php?banner_id=100&url=/
>>
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> Shorewall-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
>
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
