Hi,

I've set up quagga on a shorewall firewall server.

The only purpose for this is to use BGP to connect to a "peering platform" 
supplied by our data centre supplier.

There are some very large ISPs (and other various providers including Google) 
on this peering platform and connecting to it will speed up access to/from our 
services and hosted servers.

The physical connecting of the shorewall server is:

eth0: main S-IPC internet link
eth1: local LAN
eth2: peering platform

When I enabled quagga (zebra & bgpd) the other night, I saw the thousands of 
routes get imported via BGP onto the shorewall server, then various tests were 
performed and most failed. For example, the routing for a remote user (on an 
ISP on the peering platform) trying to get to one of the web sites we host, 
stopped at the hop above the shorewall firewall for eth2.

As expected, all the BGP imported routes show on eth2.

The default gateway of the shorewall server is eth0 (S-IPC).

Prior to installing quagga on the shorewall server, I installed it on a test 
server and all worked fine.

I believe I have the firewall rules correct, and various shorewall reading 
(like the Multi-ISP setup etc) hasn't led me any closer to what went wrong.

I did keep logs and test results which I've gone through and analysed, but 
still can't figure out why it didn't work as expected.

So my question is, do Quagga and shorewall play nice together on the same box?

Are there any gotchas involved?

Thanks.

Michael.

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users