OK, I've just included a shorewall dump in the mail. The update on this is that ...
Indeed the ping gets routed to ISP1. I can also see the reply coming in (tcpdump); however, ping or fping lies there dead .... Meanwhile, #ip route get IP_ADDRESS shows the particular address I was pinging as it was supposed to be routed through ISP2.
My interfaces file is

-----------------------------------------------------------
net     eth0    detect
net     eth1    detect
dmz     eth2    detect
loc     br0     detect    routeback
-----------------------------------------------------------

I wish to route all fw traffic to ISP1, but the rule gets ignored ....

In my tcrules file I have only one rule:

0x100 $FW - 0x100 br0 0.0.0.0

with high route marks. Then, after executing a ping from fw->net, I found out that successive pings get routed interchangeably to both ISP providers.

My providers file is

NAME  NUMBER  MARK   DUPLICATE  INTERFACE  GATEWAY     OPTIONS        COPY
ISP1  1       0x100  main       eth0       10.10.10.1  track,balance  eth2,br0
ISP2  2       0x200  main       eth1       10.0.12.1   track,balance  eth2,br0

shorewall show mangle shows traffic getting marked OK. However, when I add a rule from Loc->net and mark packets to go through a particular provider, it also looked like both ISPs were used.

Then I replaced the balance option with loose and the fw->net traffic got routed through ISP1, but I am not sure that this package will do balance for packets that have no specific mark on them :-\

shorewall version 3.4.8
kernel 2.6.25

------------
shorewall.dump.gz
Description: GNU Zip compressed data
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
