Am Sonntag, 13. Dezember 2009 18:00:38 schrieb Tom Eastep: > KP Kirchdoerfer wrote: > > Am Samstag, 12. Dezember 2009 19:55:35 schrieb Tom Eastep: > >> KP Kirchdoerfer wrote: > >>> Hi; > >>> > >>> I've tried to setup multi-isp with two ppp connections and have been > >>> sucessful - somehow. > >>> > >>> Accessing the Server behind the fw works and the connection speed is > >>> sufficient. > >>> Accessing the net from inside is slow and unreliable - just as clampmss > >>> has been set to "no", which is not the case. > >> > >> What does 'from inside' mean? From the 'loc' zone? > > > > Sorry; > > > > yes the 'loc' is meant, for legacy reasons it's called 'dmz' in my setup > > files. > > Does 'ip route ls cache' show the correct MTU on routes out of ppp0 and > ppp1? (note that the two links have *different MTUs*) >
Tom; yes the MTU's are correct. And the pb seems to have been solved a few hrs ago. First I made shure, I have the masq file exactly as in the multi-ISP docs, which is somewhat different from my previous setup with only one line. And I followed a short note in a previous mail you wrote - the 'empty loc zone'. I removed the empty zone and all rules to/from that zone and after restarting all connections including from those from dmz runs as fast as expect. I wasn't aware that an empty zone can cause that much harm. Thanks for your help. kp ------------------------------------------------------------------------------ Return on Information: Google Enterprise Search pays you back Get the facts. http://p.sf.net/sfu/google-dev2dev _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
