Hello, it seems I am hit by http://shorewall.net/MultiISP.html#Local : "Experience has shown that in some cases, problems occur with applications running on the firewall itself. This is especially true when you have specified routefilter on your external interfaces in /etc/shorewall/interfaces (see above). When this happens, it is suggested that you have the application use specific local IP addresses rather than 0."
My setup is (Fedora 12, shorewall-4.4.6-2.fc12):

interfaces:
loc    eth0    detect
net    eth1    detect    dhcp
net    eth2    detect    dhcp,logmartians=0

providers:
ISP1    1    1    main    eth1    isp1_gw    track,balance    eth0
ISP2    2    2    main    eth2    isp2_gw    track,balance    eth0

route_rules:
eth1    -    ISP1    1000
eth2    -    ISP2    1000

tcrules:
1:P    0.0.0.0/0         1            $FW
2:P    192.168.0.0/24    0.0.0.0/0    tcp    10050,10051,10052,10053,10054

The problem is that some DNS requests and ssh connections from the firewall to outside hang/timeout. shorewall dump shows that some requests are issued via ISP2. The DNS request problem was cured by adding "query-source ISP1_IP;" to /etc/named.conf, but I don't want to deal with every app. How to make all connections from the firewall go via ISP1? Local masqueraded PCs don't have this problem.

Regards,
Nerijus

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
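An added diagnostic example, not from the original post and not part of Shorewall itself: it parses conntrack-style lines (the layout of /proc/net/ip_conntrack, which is also what the "Conntrack Table" section of shorewall dump prints) and reports which provider each firewall-originated connection actually left through, so the "some requests are issued via ISP2" observation above can be pulled out of a dump mechanically rather than by eye. The provider addresses, the sample lines and the hosts they talk to are constructed placeholders from the TEST-NET ranges; the mark-to-provider mapping (1 = ISP1, 2 = ISP2) is taken from the NUMBER/MARK columns of the providers file quoted in the post and is an assumption for any other setup.

```python
# Added example (not the poster's or Shorewall's code): classify conntrack
# entries by the provider address the firewall used as source.
import re

# Hypothetical addresses the firewall holds on its two provider interfaces.
PROVIDER_ADDRS = {
    "198.51.100.2": "ISP1",   # eth1, constructed placeholder
    "203.0.113.2": "ISP2",    # eth2, constructed placeholder
}
# Connection marks per provider, as set by 'track' in the providers file.
PROVIDER_MARKS = {"ISP1": 1, "ISP2": 2}
PREFERRED = "ISP1"

# Constructed sample in /proc/net/ip_conntrack layout: an ssh session that
# went out via ISP1, a DNS query and an ssh attempt that went out via ISP2
# (both unreplied), and a masqueraded LAN host that must be ignored.
SAMPLE_CONNTRACK = """\
tcp      6 431999 ESTABLISHED src=198.51.100.2 dst=192.0.2.10 sport=40001 dport=22 packets=12 bytes=2048 src=192.0.2.10 dst=198.51.100.2 sport=22 dport=40001 packets=10 bytes=1900 [ASSURED] mark=1 use=2
udp      17 29 src=203.0.113.2 dst=192.0.2.53 sport=53000 dport=53 packets=1 bytes=60 [UNREPLIED] src=192.0.2.53 dst=203.0.113.2 sport=53 dport=53000 packets=0 bytes=0 mark=2 use=1
tcp      6 119 SYN_SENT src=203.0.113.2 dst=192.0.2.22 sport=40002 dport=22 packets=3 bytes=180 [UNREPLIED] src=192.0.2.22 dst=203.0.113.2 sport=22 dport=40002 packets=0 bytes=0 mark=1 use=1
tcp      6 431999 ESTABLISHED src=192.168.0.10 dst=192.0.2.80 sport=50000 dport=80 packets=5 bytes=600 src=192.0.2.80 dst=198.51.100.2 sport=80 dport=50000 packets=4 bytes=5000 [ASSURED] mark=1 use=2
"""

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_conntrack_line(line):
    """Return (proto, original_tuple, reply_tuple, mark) for one conntrack line.

    The first src=/dst=/sport=/dport= group is the original direction, the
    second group is the reply direction; mark= is the connection mark.
    """
    proto = line.split()[0]
    tuples, cur, mark = [], {}, None
    for key, value in KV_RE.findall(line):
        if key == "src" and cur:          # a second src= starts the reply tuple
            tuples.append(cur)
            cur = {}
        if key in ("src", "dst", "sport", "dport"):
            cur[key] = value
        elif key == "mark":
            mark = int(value)
    if cur:
        tuples.append(cur)
    if len(tuples) != 2:
        raise ValueError("unexpected conntrack line: " + line)
    return proto, tuples[0], tuples[1], mark


def firewall_originated_flows(conntrack_text, provider_addrs=PROVIDER_ADDRS):
    """Connections whose original source is one of the firewall's own provider
    addresses, i.e. started on the firewall itself. Masqueraded LAN hosts have
    a private original source and are skipped."""
    flows = []
    for line in conntrack_text.splitlines():
        if not line.strip():
            continue
        proto, orig, reply, mark = parse_conntrack_line(line)
        provider = provider_addrs.get(orig["src"])
        if provider is None:
            continue
        flows.append({
            "proto": proto,
            "dst": orig["dst"],
            "dport": orig.get("dport"),
            "provider": provider,
            "mark": mark,
            "unreplied": "[UNREPLIED]" in line,
        })
    return flows


def misrouted_flows(conntrack_text, preferred=PREFERRED):
    """Firewall-originated flows that left through a provider other than the
    one all local traffic is supposed to use."""
    return [f for f in firewall_originated_flows(conntrack_text)
            if f["provider"] != preferred]


def mark_mismatches(conntrack_text, provider_marks=PROVIDER_MARKS):
    """Firewall-originated flows whose connection mark names one provider but
    whose source address belongs to another: the mark and the source address
    selection disagreed for that connection."""
    return [f for f in firewall_originated_flows(conntrack_text)
            if f["mark"] is not None and provider_marks.get(f["provider"]) != f["mark"]]


if __name__ == "__main__":
    for f in firewall_originated_flows(SAMPLE_CONNTRACK):
        state = "unreplied" if f["unreplied"] else "replied"
        print(f"{f['proto']:4} -> {f['dst']}:{f['dport']} via {f['provider']} "
              f"mark={f['mark']} ({state})")
    print("misrouted:", [f["dst"] for f in misrouted_flows(SAMPLE_CONNTRACK)])
    print("mark/provider mismatch:", [f["dst"] for f in mark_mismatches(SAMPLE_CONNTRACK)])
```

On a live box the text would come from `cat /proc/net/ip_conntrack` (or the conntrack section of `shorewall dump`) instead of the constructed sample, and PROVIDER_ADDRS from `ip addr show eth1`/`eth2`. Unreplied entries leaving through the non-preferred provider are exactly the hanging DNS and ssh attempts described in the post; a mark that disagrees with the source address shows a connection that was marked for one provider after its source address had already been chosen for the other, which is the class of problem the quoted MultiISP.html#Local paragraph refers to.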
