Have a firewall with 2 isps, openvpn, ipsec and ospf in use. The ospf is primarily for the openvpn tunnels. I'm phasing out ipsec because of traffic shaping issues.
Been rereading http://www.shorewall.net/MultiISP.html and realize I probably have a couple things not right.
In Table 200 are a few hacks to fix a couple problems.

ip route list table 200
192.168.1.0/24 via 172.17.2.2 dev tun1 # iax routing mentioned next.
192.168.11.0/24 via 192.168.2.254 dev eth0 # Makes outgoing packets via ipsec use local net ip instead of isp1
192.168.10.0/24 via 192.168.2.254 dev eth0 # Makes outgoing packets via ipsec use local net ip instead of isp1

The primary thing that is getting my attention is iax traffic will not pass from 192.168.3.1 to 192.168.1.15
All icmp ssh etc works OK. Really strange. The rule "192.168.1.0/24 via 172.17.2.2 dev tun1" makes it work but besides not being correct I want to add redundant openvpn tunnels and the static route must go.
This is shorewall version 4.2.1. I recently changed from 4.0 to fix some traffic shaping issues and it did not have this problem.
Is there any way to test if packets are marked? My guess is that somehow these packets are being marked and going to table ISP2.

Any suggestions? My guess is I should change shorewall.conf to USE_DEFAULT_RT=Yes and providers

ISP1 1 256 - eth1 $gw1 track,balance=1
ISP2 2 512 - eth2 $gw2 track,balance=2

Should I put in optional?

John

--
John McMonagle
IT Manager
Advocap Inc.

status.txt.bz2
Description: BZip2 compressed data
