John McMonagle wrote: > The USE_DEFAULT_RT=Yes seems to fix my problems it :-) > > A few less serious issues to deal with. > > When I restarted shorewall still had a default route left in main. > something like > default via 69.129.223.177 dev eth1 > I removed it. > > I think it is because I have both default routes defined in > /etc/network/interfaces. > It was always there before but caused no harm as it was after the > correct default route. > > I have not rebooted yet but suspect it will come back. > Should I remove one of the gateways out of interfaces?
>From http://www.shorewall.net/MultiISP.html#USE_DEFAULT_RT: 6. You should disable all default route management outside of Shorewall. If a default route is inadvertently added to the main table while Shorewall is started, then all policy routing will stop working except for those routing rules in the priority range 1-998. > > Really should have asked this first but in > http://www.shorewall.net/MultiISP.html has > For most routing applications, Quagga <http://www.quagga.net/> is a > better solution. > > I'm already running quagga and if it can be done I'm interested. > I have a t1 (TDS) and a cable modem ( Charter ) , Particularly with > the cable modem wouldn't think I would have sufficient a access to a > routing protocol with the isp. > Is it possible to be able to use quagga for this? That statement in the manual is simply reiterating the principle that you get what you pay for. Using Quagga with two commercial-grade uplinks with routing protocols available is clearly superior to the hack that Shorewall provides. > > When a isp is down need to temporarily disable it. > I have done a could different methods. > I have commented out providers and made scripts to change the default route. > Is there a shorewall way to do it? Make both interfaces 'optional' and simply 'shorewall restart'. In later versions of Shorewall, you use the 'optional' option in /etc/shorewall/interfaces and you can do 'shorewall -f restart' which doesn't even run the compiler. If the link appears up even though it is unusable, you may need to provide an 'isuable' script to suppliment Shorewall's 'interface_is_usable' test. ------------------------------------------------------------------------------ This SF.net email is sponsored by: SourcForge Community SourceForge wants to tell your story. http://p.sf.net/sfu/sf-spreadtheword _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
