Thanks Tom, this helped a lot. ISP1 is my cable provider, ISP2 the dsl pppd connection. But I figured that out.
The only thing I don't get is your LSM config here: connection { name=Comcast checkip=${ETH0_GATEWAY:-71.231.152.1} device=$COM_IF ttl=1 } I replaced these values with my own, i.e. connection { name=ISP1 checkip=${ETH1_GATEWAY} device=$ETH1_IF ttl=1 } I've set up ETH1_IF in params, but where gets the script ETH1_GATEWAY from? I checked the findgw script and it works fine. Still, the value checkip is always empty. Best Sebastian Am 31.08.2010 um 16:17 schrieb Tom Eastep: > On 8/31/10 1:34 AM, Sebastian Tänzer wrote: > >> I've attached my shorewall dump, I hope this is correct. > > Is this dump taken after ppp0 has been connected/reconnected? I'm > guessing 'yes' and that the ppp0 interface is provider 'ISP1'? > > If so, I would try the following: > > - create the file 'shorewall' in both /etc/ppp/ip-up.d and > /etc/ppp/ip-down.d > > - In each file, put: > > #!/bin/sh > > /sbin/shorewall status > /dev/null && /sbin/shorewall restart -f > > That will restart Shorewall if it is already running and ppp0 goes up > or down. > > - Disable adding the default route in your ppp config. You'll have > to dig around in your documentation for your ppp software (pptp, > pppoe, pppocp [1], ...). It may be as simple as adding > 'nodefaultroute' to /etc/ppp/options but since I've not used ppp > since the days of dial-up Internet access, I'm far from certain. > > - Set the 'balance' option on ISP2 and 'fallback' on ISP1. Be sure that > you have 'main' in the DUPLICATE column and 'eth0,eth3' in the COPY > column in both entries. Place '-' in the GATEWAY column of ISP1. > > - Run LSM but only have it monitor eth1; the entries in /etc/ppp/ will > restart shorewall if ppp0 goes up or down. > > -Tom > > [1] - PPP over Carrier Pigeon > -- > Tom Eastep \ When I die, I want to go like my Grandfather who > Shoreline, \ died peacefully in his sleep. Not screaming like > Washington, USA \ all of the passengers in his car > http://shorewall.net \________________________________________________ > > ------------------------------------------------------------------------------ > This SF.net Dev2Dev email is sponsored by: > > Show off your parallel programming skills. > Enter the Intel(R) Threading Challenge 2010. > http://p.sf.net/sfu/intel-thread-sfd_______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users ------------------------------------------------------------------------------ This SF.net Dev2Dev email is sponsored by: Show off your parallel programming skills. Enter the Intel(R) Threading Challenge 2010. http://p.sf.net/sfu/intel-thread-sfd _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users