Harry Lachanas wrote: > Indeed the ping gets routed to ISP1 > I also can see the reply comming in ( tcpdump ) > however ping or fping lies there dead ....
Probably being dropped as martians -- but you'll never know it since you haven't enabled martian logging. > > I Wish to route all fw traffic to ISP1 > But the rule gets ignored .... Which is described as a possible problem in the Shorewall Multi-ISP documentation in the section entitled "Applications Running on the Firewall". > > > In my tcrules file I have only one rule. > > 0x100 $FW - > 0x100 br0 0.0.0.0 > > with high route marks . > > Then after executing a ping from fw->net I found out that successive > pings get routed interchanged to both isp providers. > > my providers file is > NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY > OPTIONS COPY > ISP1 1 0x100 main eth0 10.10.10.1 > track,balance eth2,br0 > ISP2 2 0x200 main eth1 10.0.12.1 > track,balance eth2,br0 > > shorewall show mangle shows traffic getting marked ok. > > > however when I add a rule from Loc->net and mark packets to go through a > particular provider it also looked like both ISPs where used. > > Then I replaced the balance option with loose and it the fw->net traffic > got routed through the ISP1 but I am not sure that this package will do > balance for packets that have no specific mark on them :-\ The only thing that 'loose' does is that it causes one routing rule per external interface to be omitted (the rule that allows applications to bind to a particular interface's address to force the application use that interface). Specifying 'loose' is an alternative to the technique of configuring your applications themselves to use a specific interface. It should work fine provided that you don't need to use that technique. ------------------------------------------------------------------------------ SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
