[Shorewall-users] Multi ISP CONFIG_IP_ROUTE_MULTIPATH_CACHED

Mon, 01 Dec 2008 05:23:02 -0800 

 Hi all

I just implemented a squid proxy running *shorewall* as firewall and load
balancer under f9.

Kernel: 2.6.25-14.fc9.i686

The setup run fine except that *shorewall* doesn't seem to untilize the two
ISP connections and favours one of them and I have the feeling that the
balancing is not working properly:

If I just diconnect the defaultrouted ISP the internet connectivity for the
proxy still persists via the default route.
If I disconnect the other 'non-defaultroute' ISP I have to restart the
network service and *shorewall* before the proxy has connectivity again.

The *shorewall* documentation states that the kernel is caching the routes
and will use the same ISP again and again.
Setting the Kernel Option CONFIG_IP_ROUTE_MULTIPATH_CACHED=n is supposed to
solve this problem.

So I went to build a new Kernel with this option but can't find it. The only
one comming close is: CONFIG_IP_ROUTE_MULTIPATH which is set to yes by
default.

*My question:*

1) Am I barking up the wrong tree in trying to build a new Kernel?

a) if no: can I just add the Option CONFIG_IP_ROUTE_MULTIPATH_CACHED=n into
the .config file before building the new kernel?

b) is the problem more likely based on the *shorewall* coniguration?


*here my ifconfig:*

eth0 Link encap:Ethernet HWaddr 00:0F:FE:1A:47:01
inet addr:172.16.2.4 Bcast:172.16.3.255 Mask:255.255.0.0

eth1 Link encap:Ethernet HWaddr 00:0A:5E:514:27
inet addr:192.168.0.2 Bcast:192.168.0.255 Mask:255.255.255.0

eth1:1 Link encap:Ethernet HWaddr 00:0A:5E:514:27
inet addr:192.168.0.11 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:22 Base address:0xcc00

eth1:2 Link encap:Ethernet HWaddr 00:0A:5E:514:27
inet addr:192.168.0.12 Bcast:192.168.0.255 Mask:255.255.255.0

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0

*The virtual interfaces are configured by shorewall masq:*

#INTERFACE SOURCE ADDRESS PROTO PORT(S) IPSEC MARK
eth1:1 eth0 192.168.0.11-192.168.0.12


*Here my providers:*

#NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY
ISP1 1 1 main eth1:1 192.168.0.101 balance
ISP2 2 2 main eth1:2 192.168.0.102 balance


192.168.0.101 and 102 are the two ISP router.


Would be great if somebody has some input for me!!

Thanks

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to